There are three questions being asked:

How do you determine a row was changed?

You have a handful of choices:

1. Requery for the data and do a comparison. This will tell you exactly what columns changed (but not necessarily by whom).
2. Use a rowversion column (called a timestamp in older versions of SQL Server) which will update itself every time the row is changed. This will only tell you that something changed but not what column was changed or who changed it.

How do you determine that the row was created by an external application
rather than your own app

This one is a bit trickier. Technically, you might think that simply writing the name of the app into a column in the row might suffice but that technique is not safe. An external application that has rights to save to this column could easily do the same. The safer way would be to use an external monitoring program that tracks every change made to the database and the user that made it. In SQL Server 2008, there is a feature called “Change Tracking” which revolves around similar functionality which also might suffice.

How do you stop external changes to
the database?

The obvious choice is to restrict access to the database. Only let the application account have access to the database and/or access to the tables and stored procedures. In addition, you need to lock down access by administrators and developers to the database so that only a select few can access the database. Combined with good logging, that should prevent mystery rows from appearing.