Event Logs


Currently the following event log records can be logged by this feature:

 

Event ID

Event Description

Example

12000

An application was installed.

Application {51A3EF81-FAAF-4E70-815C-74D34D4EC313} (Cloudmark SpamNet 3.0) was installed.

Additional Information:

Publisher: NETIKUS.NET ltd

Installation Directory: C:\Program Files\EventSentry

12001

An application was uninstalled.

Application {51A3EF81-FAAF-4E70-815C-74D34D4EC313} (Cloudmark SpamNet 3.0)

12002

An application or file registered itself in an autorun registry key and will be run automatically when a user logs on.

Application badtrojan.exe registered itself in the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and will be automatically run when a user logs into the system.

12003

An application or file registered itself in the registry by changing a value.

The registry value Shell in key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon changed from "explorer.exe" to "badandevilshell.exe". All files specified in this value will be automatically run when a user logs into the system.

12004

An application was removed from an autorun registry key.

Application desktophog.exe was removed from the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and will no longer be run when a user logs into the system.

12005

A file was registered in an autorun directory.

The application eraseallfiles.exe registered itself in the directory c:\Documents and Settings\All Users\Start Menu\Programs\Startup and will be automatically run when a user logs into the system.

12006

A shortcut was registered in an autorun directory.

The shortcut PerformanceEnhancer.lnk (using file c:\windows\evilvirus.exe) registered itself in the directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup and will be automatically run when a user logs into the system.

12007

A shortcut was removed from an autorun directory.

The shortcut PerformanceEnhancer.lnk (using file c:\windows\evilvirus.exe) was removed from directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup and will no longer run when a user logs into the system.

12008

An application registered itself in an autorun registry key and will be run automatically when the computer starts.

Application YourPersonalAdware.exe was added to the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup and will be automatically run when the system boots.

12009

An application was removed from an autorun key and will no longer be run when the system boots.

Application YourPersonalAdware.exe was removed from the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup and will no longer be run when the system boots.

12010

An application registered itself in a registry key and might be automatically run when a user logs into the system.

The application SmartTrojan registered file c:\windows\eraseanddestroy.exe in registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and might be automatically run when a user logs into the system. Please see the help file (search for ACTIVE SETUP) for more information.

12011

An application removed itself from a registry key and will no longer be run when a user logs into the system.

Application SmartTrojan (using file c:\windows\eraseanddestroy.exe) was removed from the registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and will no longer be run when a user logs into the system.

12012

A registry key could not be monitored and the feature disabled itself.

There was an error (999) monitoring registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. Please restart the EventSentry agent or notify NETIKUS.NET support if this problem persists. Autorun monitoring will NOT continue.
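
The following Python code is an added example, not part of the EventSentry documentation or product. It parses the autorun events listed above into location and target fields, then reports entries that were added and not removed again, plus any 12012 monitoring failures. The function names are hypothetical, and the regular expressions assume that real agent messages use the same wording as the examples on this page.

```python
import re

# Event IDs from the table above, grouped by what they mean for triage.
ACTION = {i: "added" for i in (12002, 12003, 12005, 12006, 12008, 12010)}
ACTION.update({i: "removed" for i in (12004, 12007, 12009, 12011)})
ACTION[12012] = "monitoring_stopped"

# Assumption: real agent output uses the wording of this page's example messages.
LOCATION = re.compile(r"\b(?:key|directory) (.+?)(?= and (?:will|might) | changed from |\. )")
TARGETS = [
    re.compile(r'changed from "[^"]*" to "([^"]*)"'),   # 12003: new registry value
    re.compile(r"(?:using|registered) file ([^\s)]+)"),  # 12006/12007, 12010/12011
    re.compile(r"[Aa]pplication (\S+)"),                 # remaining add/remove events
]

def parse_event(event_id, message):
    """Return action, location and target for one autorun event, else None."""
    action = ACTION.get(event_id)
    if action is None:
        return None  # 12000/12001 (install/uninstall) or an unrelated ID
    loc = LOCATION.search(message)
    target = next((m.group(1) for p in TARGETS if (m := p.search(message))), None)
    return {"id": event_id, "action": action,
            "location": loc.group(1) if loc else None, "target": target}

def triage(events):
    """Return (autoruns added and not removed again, monitoring failures)."""
    live, gaps = {}, []
    for event_id, message in events:
        rec = parse_event(event_id, message)
        if rec is None:
            continue
        key = (str(rec["location"]).lower(), str(rec["target"]).lower())
        if rec["action"] == "added":
            live[key] = rec
        elif rec["action"] == "removed":
            live.pop(key, None)
        else:
            gaps.append(rec)  # 12012: later changes to this key go unreported
    return list(live.values()), gaps

# Constructed sample, based on the example messages on this page.
SAMPLE = [
    (12002, r"Application badtrojan.exe registered itself in the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and will be automatically run when a user logs into the system."),
    (12006, r"The shortcut PerformanceEnhancer.lnk (using file c:\windows\evilvirus.exe) registered itself in the directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup and will be automatically run when a user logs into the system."),
    (12007, r"The shortcut PerformanceEnhancer.lnk (using file c:\windows\evilvirus.exe) was removed from directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup and will no longer run when a user logs into the system."),
    (12003, r'The registry value Shell in key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon changed from "explorer.exe" to "badandevilshell.exe". All files specified in this value will be automatically run.'),
    (12012, r"There was an error (999) monitoring registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. Autorun monitoring will NOT continue."),
]
```

Calling triage(SAMPLE) leaves the 12002 and 12003 entries outstanding, drops the shortcut that 12007 removed, and returns the 12012 event separately so the unmonitored key can be checked by hand.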