2014/06/04 20:43:05 ossec-agent: INFO: Received exit signal.
2014/06/04 20:43:05 ossec-agent: INFO: Exiting...
2014/06/04 20:43:05 ossec-agent: Using notify time: 600 and max time to reconnect: 1800
2014/06/04 20:43:05 ossec-execd(1350): INFO: Active response disabled. Exiting.
2014/06/04 20:43:05 ossec-agent(1410): INFO: Reading authentication keys file.
2014/06/04 20:43:05 ossec-agent: INFO: No previous counter available for 'xp'.
2014/06/04 20:43:05 ossec-agent: INFO: Assigning counter for agent xp: '0:0'.
2014/06/04 20:43:05 ossec-agent: INFO: Assigning sender counter: 0:1062
2014/06/04 20:43:05 ossec-agent: INFO: Trying to connect to server (172.16.215.143:1514).
2014/06/04 20:43:05 ossec-agent: INFO: Using IPv4 for: 172.16.215.143 .
2014/06/04 20:43:05 ossec-agent: Starting syscheckd thread.
2014/06/04 20:43:05 ossec-rootcheck: INFO: Started (pid: 3020).
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\comfile'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\exefile'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\piffile'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\Directory'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Policies'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Security'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/win.ini'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/system.ini'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\autoexec.bat'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\config.sys'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\boot.ini'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/CONFIG.NT'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/AUTOEXEC.NT'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/at.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/attrib.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/cacls.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/debug.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/drwatson.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/drwtsn32.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/edlin.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/eventcreate.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/eventtriggers.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/ftp.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/net.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/net1.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/netsh.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/rcp.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/reg.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/regedit.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/regedt32.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/regsvr32.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/rexec.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/rsh.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/runas.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/sc.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/subst.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/telnet.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/tftp.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/tlntsvr.exe'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\WINDOWS/System32/drivers/etc'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\Documents and Settings/All Users/Start Menu/Programs/Startup'.
2014/06/04 20:43:05 ossec-agent: INFO: Monitoring directory: 'C:\Users/Public/All Users/Microsoft/Windows/Start Menu/Startup'.
2014/06/04 20:43:05 ossec-agent: INFO: Started (pid: 3020).