how to learn when process started?

You can use SIW, a very useful tool: http://www.gtopala.com/siw-download.html

It will give you the process start time among other information about the process such as open files associated with it, networking ports, loaded dlls, etc.

You can use SIW, a very useful tool: http://www.gtopala.com/siw-download.html

It will give you the process start time among other information about the process such as open files associated with it, networking ports, loaded dlls, etc.

Yes - pretty damn fine splendid tool.

It's really useful if you think you've got a virus/trojan and you know when you went onto that porn site or wherever that gave the syph to your PC - LOL. You can nail the trojan there and then. Well, it's not quite a simple as that but it's a sure-fire help because you can then look around your PC for anything created at the same time, delete it and you stand a good chance of recovering quickly.

Please mark this thread as solve since your question was answered.

Please mark this thread as solve since your question was answered.

i know you want to satisfy your ego with me marking this as solved but i havent tried it yet, dont worry, i always mark threads as solved if i got the solution. I will also add to your reputation if that works fine for me too :)

Such honesty ;)

I am getting in the habit of doing that for my threads mostly for the C# forum. Someone asks "How do i accomplish A", you answer, then they want to build on that doing "B,C,D,...Z" in the same thread. If they created new threads then people coming to the forum in the future could more accurately see if a question has been answered without digging in to the detail of each thread.

Cheers

I downloaded the tool, it works, but it doesnt show the correct creating time of the process.

i know you want to satisfy your ego with me marking this as solved but i havent tried it yet, dont worry, i always mark threads as solved if i got the solution. I will also add to your reputation if that works fine for me too :)

Spot on! You got that one right!

Eh, I think you're right it appears to be a bug in SIW. I start a process and it shows it started at 5:00, when it is now 10:00, but curiously enough my timezone is -5:00.

It looks like it is subtracting the timezone offset from the already-local execution time, is this the same case with your findings?

Yeah that is the case for me too, my timezone is -5:00, but anyway it already gives some information that will help.
Thanks

My timezone was/is correct. GMT.

I emailed Gabriel (maintainer of SIW) and he confirmed my suspicion that the TZ was being subtracted from the already localized time and he will fix the bug and upload it "ASAP".

wow that is such a great feedback, both you and me contributed to quality of their software :)