Navigation:  Monitoring with EventSentry > System Health Monitoring > Software Monitoring >

Event Log

Top  Previous  Next

The following event log records are logged by this feature with the Autorun Monitoring category:

 

Event ID

Event Description

Example

12000

An application was installed.

Application {51A3EF81-FAAF-4E70-815C-74D34D4EC313} (Cloudmark SpamNet 3.0) was installed.

Additional Information:

Publisher: NETIKUS.NET ltd

Installation Directory: C:\Program Files\EventSentry

12001

An application was uninstalled.

Application {51A3EF81-FAAF-4E70-815C-74D34D4EC313} (Cloudmark SpamNet 3.0)

12002

An application or file registered itself in a autorun registry key and will be run automatically when a user logs on.

Application badtrojan.exe registered itself in the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and will be automatically run when a user logs into the system.

12003

An application or file registered itself in the registry by changing a value.

The registry value Shell in key HKLM\Software\Microsoft\Windows NT\Current Version\Winlogon changed from "explorer.exe" to "badandevilshell.exe". All files specified in this value will be automatically run when a user logs into the system.

12004

An application was removed from an autorun registry key.

Application desktophog.exe was removed from the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run and will no longer be run when a user logs into the system.

12005

A file was registered in an autorun directory.

The application eraseallfiles.exe registered itself in the directory c:\Documents and Settings\All Users\Start Menu\Programs\Startup and will be automatically run when a user logs into the system.

12006

A shortcut was registered in an autorun directory.

The shortcut PerformanceEnhancer.lnk (using file c:\windows\evilvirus.exe) registered itself in the directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup and will be automatically run when a user logs into the system.

12007

A shortcut was removed from an autorun directory.

The shortcut PerformanceEnhancer.lnk  (using file c:\windows\evilvirus.exe) was removed from directory C:\Documents and Settings\All Users\Start Menu\Programs\Startup and will no longer run when a user logs into the system.

12008

An application registered itself in an autorun registry key and will be run automatically when the computer starts.

Application YourPersonalAdware.exe was added to the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup and will be automatically run when the system boots.

12009

An application was removed from an autorun key and will no longer be run when the system boots.

Application YourPersonalAdware.exe was removed from the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup and will no longer be run the system boots.

12010

An application registered itself in a registry key and might be automatically run when a user logs into the system.

The application SmartTrojan registered file c:\windows\eraseanddestroy.exe in registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and might be automatically run when a user logs into the system. Please see the help file (search for ACTIVE SETUP) for more information.

12011

An application removed itself from a registry key and will no longer be run when a user logs into the system.

Application SmartTrojan (using file c:\windows\eraseanddestroy.exe) was removed from the registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and will no longer be run when a user logs into the system.

12012

A registry key could not be monitored and the feature disabled itself.

There was an error (999) monitoring registry key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. Please restart the EventSentry agent or notify NETIKUS.NET support if this problem persists. Autorun monitoring will NOT continue.

12030

The installed memory changed.

The amount of physically installed memory changed from 512 Mb to 256 Mb.

12031

The number of installed processors changed.

The number of installed processors changed from 1 to 2.

12032

The number of installed floppy drives changed.

The number of installed floppy drives changed from 0 to 1.

12033

The number of installed CDROM drives changed.

The number of installed CDROM drives changed from 1 to 0.

12034

The number of installed DVD drives changed.

The number of installed DVD drives changed from 1 to 2.

12035

The number of removable drives changed.

The number of removable drives changed from 0 to 2.

12036

The link speed of a network adapter changed.

The link speed of adapter Gigabit Network Card changed from 1Gb to 100Mb.

12040

A removable drive has been added.


12041

A removable drive has been removed.


12042

A drive reported a S.M.A.R.T. status error.