求助：电脑被别人拿走44天，想知道他干了啥，如何下手？

[zwdnet]

我的电脑装的是Ubuntu10.04，因为出了点事，被别人拿走44天（完全合法的，国家机器嘛），今天刚还回来，我想知道他干了啥，会不会在我电脑里放后门，种木马之类的。我看了下日志，好像就4月1日，4月14日开过两次机。其它时间不知道是不是把硬盘拆下来弄的（拿走的时侯我忘了记录硬盘使用时间了，不然一对比就知道了）。现在我想请教下要看那些日志知道他干了什么，还有我想开一夜电脑抓包看看有没有什么异常程序在联网，之前需要把正常的联网程序关掉，要关哪些啊？折腾完了肯定要重装的，不然心理有阴影啊！谢谢了。
以下是syslog日志：

代码： 全选

syslog:
Apr 14 13:38:24 localhost rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="408" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
Apr 14 13:38:24 localhost rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="408" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
Apr 14 13:39:01 localhost CRON[6122]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
Apr 14 13:39:16 localhost anacron[835]: Job `cron.daily' terminated
Apr 14 13:40:42 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 13:40:49 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 13:41:02 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 13:41:12 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 13:41:21 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Apr 14 13:41:32 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Apr 14 13:41:43 localhost dhclient: No DHCPOFFERS received.
Apr 14 13:41:43 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 13:43:20 localhost anacron[835]: Job `cron.weekly' started
Apr 14 13:43:20 localhost anacron[7319]: Updated timestamp for job `cron.weekly' to 2011-04-14
Apr 14 13:43:26 localhost anacron[835]: Job `cron.weekly' terminated
Apr 14 13:43:26 localhost anacron[835]: Normal exit (2 jobs run)
Apr 14 13:44:43 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 13:44:51 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 13:44:58 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 17
Apr 14 13:44:59 localhost kernel: [  730.264018] composite sync not supported
Apr 14 13:45:01 localhost CRON[7760]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 13:45:15 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 19
Apr 14 13:45:34 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 13:45:44 localhost dhclient: No DHCPOFFERS received.
Apr 14 13:45:44 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 13:50:53 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 13:50:57 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Apr 14 13:51:02 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 13:51:14 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 13:51:22 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 19
Apr 14 13:51:41 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 13:51:53 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 1
Apr 14 13:51:54 localhost dhclient: No DHCPOFFERS received.
Apr 14 13:51:54 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 13:55:01 localhost CRON[9980]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 13:58:22 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Apr 14 13:58:28 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 13:58:41 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 21
Apr 14 13:59:02 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 13:59:14 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 13:59:23 localhost dhclient: No DHCPOFFERS received.
Apr 14 13:59:23 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:05:01 localhost CRON[10498]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 14:05:04 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 14:05:08 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 14:05:18 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 14:05:25 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 14:05:33 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 14:05:43 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 14:05:52 localhost kernel: [ 1982.400023] composite sync not supported
Apr 14 14:05:56 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 14:06:05 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:06:05 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:09:01 localhost CRON[10635]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
Apr 14 14:11:20 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 14:11:24 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 14:11:33 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 14:11:45 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 19
Apr 14 14:12:04 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 17
Apr 14 14:12:21 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:12:21 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:15:01 localhost CRON[10833]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 14:16:46 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Apr 14 14:16:51 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Apr 14 14:17:01 localhost CRON[10897]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Apr 14 14:17:02 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 14:17:11 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Apr 14 14:17:22 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 14:17:35 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 14:17:47 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:17:47 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:22:15 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 14:22:19 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 14:22:28 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 21
Apr 14 14:22:49 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 18
Apr 14 14:23:07 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 14:23:16 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:23:16 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:25:01 localhost CRON[11160]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 14:25:46 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Apr 14 14:25:49 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 14:25:57 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 20
Apr 14 14:26:17 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 17
Apr 14 14:26:34 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 14:26:42 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Apr 14 14:26:47 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:26:47 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:27:21 localhost kernel: [ 3271.956022] composite sync not supported
Apr 14 14:33:42 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Apr 14 14:33:48 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 14:33:57 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Apr 14 14:34:11 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 15
Apr 14 14:34:26 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 14:34:33 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 14:34:43 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:34:43 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:35:01 localhost CRON[11484]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 14:37:51 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 14:37:58 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Apr 14 14:38:12 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 14:38:19 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Apr 14 14:38:33 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 14:38:46 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Apr 14 14:38:52 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:38:52 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:39:01 localhost CRON[11618]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
Apr 14 14:45:01 localhost CRON[11806]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 14:46:20 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 14:46:24 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 14:46:33 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 16
Apr 14 14:46:49 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Apr 14 14:47:03 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Apr 14 14:47:14 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 14:47:21 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:47:21 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:53:21 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 14:53:28 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 14:53:40 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Apr 14 14:53:54 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 17
Apr 14 14:54:11 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Apr 14 14:54:22 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:54:22 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 14:55:01 localhost CRON[12129]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 14:58:25 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 14:58:29 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 14:58:33 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 14:58:43 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 16
Apr 14 14:58:59 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 16
Apr 14 14:59:15 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 14:59:23 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Apr 14 14:59:26 localhost dhclient: No DHCPOFFERS received.
Apr 14 14:59:26 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:01:07 localhost kernel: [ 5298.338559] composite sync not supported
Apr 14 15:05:01 localhost CRON[12445]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 15:05:45 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 15:05:49 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 15:05:57 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 15:06:05 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 21
Apr 14 15:06:26 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 15:06:34 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 15:06:44 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 2
Apr 14 15:06:46 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:06:46 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:09:01 localhost CRON[12592]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
Apr 14 15:11:31 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 15:11:38 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 15
Apr 14 15:11:53 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Apr 14 15:12:07 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 15:12:20 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 15:12:32 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:12:32 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:15:01 localhost CRON[12790]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 15:16:55 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Apr 14 15:17:01 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Apr 14 15:17:02 localhost CRON[12854]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Apr 14 15:17:12 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 15:17:25 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 15
Apr 14 15:17:40 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 15:17:50 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Apr 14 15:17:56 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:17:56 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:24:31 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Apr 14 15:24:36 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 15:24:44 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 15:24:56 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 16
Apr 14 15:25:01 localhost CRON[13106]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 15:25:12 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 15
Apr 14 15:25:27 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Apr 14 15:25:32 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:25:32 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:29:47 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Apr 14 15:29:50 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Apr 14 15:29:56 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 15:30:09 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 15:30:16 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Apr 14 15:30:30 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 15:30:38 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 15:30:48 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:30:48 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:35:01 localhost CRON[13446]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 15:35:06 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 15:35:13 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 17
Apr 14 15:35:30 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 15:35:39 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 15:35:46 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 15:35:53 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 15:36:05 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 2
Apr 14 15:36:07 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:36:07 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:39:01 localhost CRON[13660]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
Apr 14 15:41:58 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 15:42:06 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
Apr 14 15:42:20 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr 14 15:42:33 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr 14 15:42:40 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 15:42:49 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr 14 15:42:59 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:42:59 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:45:01 localhost CRON[13858]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 15:46:07 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Apr 14 15:46:13 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 15:46:21 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Apr 14 15:46:48 localhost dhclient: last message repeated 2 times
Apr 14 15:46:48 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr 14 15:46:56 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr 14 15:47:08 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:47:08 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:48:19 localhost kernel: [ 8130.372534] composite sync not supported
Apr 14 15:52:34 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Apr 14 15:52:37 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
Apr 14 15:52:43 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Apr 14 15:52:54 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 18
Apr 14 15:53:12 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 19
Apr 14 15:53:31 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Apr 14 15:53:35 localhost dhclient: No DHCPOFFERS received.
Apr 14 15:53:35 localhost dhclient: No working leases in persistent database - sleeping.
Apr 14 15:55:01 localhost CRON[14187]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr 14 15:55:02 localhost kernel: Kernel logging (proc) stopped.
May 13 09:56:48 localhost kernel: imklog 4.2.0, log source = /proc/kmsg started.

[leeaman]

国安局上班的?格式化重装算了,费什么劲阿,你装ubuntu估计人家都不会用

[eexpress]

find带上-newer查找文件。
看log这太低等了。

[jtshs256]

lz太那啥了吧……

[Crazier]

你担心的话，安装个杀毒软件测试一下，bitdefender .对Linux用户免费的。

[semihuman]

linux给他后门他也不一定知道怎么玩

[月下叹逍遥]

对方的电脑水平？或者说linux水平？

[daf3707]

检验一下自己的检测水平，没自信重装之

[hcym]

心理有阴影

[zwdnet]

太长，分开贴

代码： 全选

syslog.1
Apr  1 14:55:34 localhost rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="372" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
Apr  1 14:57:11 localhost anacron[31468]: Job `cron.daily' terminated
Apr  1 14:57:11 localhost anacron[31468]: Normal exit (1 job run)
Apr  1 15:05:01 localhost CRON[964]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr  1 15:06:49 localhost AptDaemon: INFO: Initializing daemon
Apr  1 15:09:01 localhost CRON[1293]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
Apr  1 15:11:50 localhost AptDaemon: INFO: Quiting due to inactivity
Apr  1 15:11:50 localhost AptDaemon: INFO: Shutdown was requested
Apr  1 15:11:50 localhost AptDaemon: INFO: Initializing daemon
Apr  1 15:15:01 localhost CRON[1680]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr  1 15:15:52 localhost kernel: [174166.904016] composite sync not supported
Apr  1 15:15:52 localhost kernel: [174167.200280] composite sync not supported
Apr  1 15:15:52 localhost kernel: [174167.521169] composite sync not supported
Apr  1 15:15:52 localhost kernel: [174167.673993] composite sync not supported
Apr  1 15:15:53 localhost kernel: [174167.822529] composite sync not supported
Apr  1 15:15:53 localhost kernel: [174168.420271] ptrace of non-child pid 1738 was attempted by: wineserver (pid 1742)
Apr  1 15:16:20 localhost avahi-autoipd(eth0)[1825]: Found user 'avahi-autoipd' (UID 103) and group 'avahi-autoipd' (GID 110).
Apr  1 15:16:20 localhost avahi-autoipd(eth0)[1825]: Successfully called chroot().
Apr  1 15:16:20 localhost avahi-autoipd(eth0)[1825]: Successfully dropped root privileges.
Apr  1 15:16:20 localhost avahi-autoipd(eth0)[1825]: Starting with address 169.254.10.9
Apr  1 15:16:25 localhost avahi-autoipd(eth0)[1825]: Callout BIND, address 169.254.10.9 on interface eth0
Apr  1 15:16:25 localhost avahi-daemon[397]: Joining mDNS multicast group on interface eth0.IPv4 with address 169.254.10.9.
Apr  1 15:16:25 localhost avahi-daemon[397]: New relevant interface eth0.IPv4 for mDNS.
Apr  1 15:16:25 localhost avahi-daemon[397]: Registering new address record for 169.254.10.9 on eth0.IPv4.
Apr  1 15:16:29 localhost avahi-autoipd(eth0)[1825]: Successfully claimed IP address 169.254.10.9
Apr  1 15:16:29 localhost avahi-autoipd(eth0)[1825]: Got SIGTERM, quitting.
Apr  1 15:16:29 localhost avahi-autoipd(eth0)[1825]: Callout STOP, address 169.254.10.9 on interface eth0
Apr  1 15:16:29 localhost avahi-daemon[397]: Withdrawing address record for 169.254.10.9 on eth0.
Apr  1 15:16:29 localhost avahi-daemon[397]: Leaving mDNS multicast group on interface eth0.IPv4 with address 169.254.10.9.
Apr  1 15:16:29 localhost avahi-daemon[397]: Interface eth0.IPv4 no longer relevant for mDNS.
Apr  1 15:16:29 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Apr  1 15:16:34 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Apr  1 15:16:41 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr  1 15:16:51 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
Apr  1 15:16:51 localhost AptDaemon: INFO: Quiting due to inactivity
Apr  1 15:16:51 localhost AptDaemon: INFO: Shutdown was requested
Apr  1 15:16:51 localhost AptDaemon: INFO: Initializing daemon
Apr  1 15:17:01 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
Apr  1 15:17:01 localhost CRON[1891]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Apr  1 15:17:14 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 16
Apr  1 15:17:30 localhost dhclient: No DHCPOFFERS received.
Apr  1 15:17:30 localhost dhclient: No working leases in persistent database - sleeping.
Apr  1 15:17:30 localhost avahi-autoipd(eth0)[1933]: Found user 'avahi-autoipd' (UID 103) and group 'avahi-autoipd' (GID 110).
Apr  1 15:17:30 localhost avahi-autoipd(eth0)[1933]: Successfully called chroot().
Apr  1 15:17:30 localhost avahi-autoipd(eth0)[1933]: Successfully dropped root privileges.
Apr  1 15:17:30 localhost avahi-autoipd(eth0)[1933]: Starting with address 169.254.10.9
Apr  1 15:17:35 localhost avahi-autoipd(eth0)[1933]: Callout BIND, address 169.254.10.9 on interface eth0
Apr  1 15:17:35 localhost avahi-daemon[397]: Joining mDNS multicast group on interface eth0.IPv4 with address 169.254.10.9.
Apr  1 15:17:35 localhost avahi-daemon[397]: New relevant interface eth0.IPv4 for mDNS.
Apr  1 15:17:35 localhost avahi-daemon[397]: Registering new address record for 169.254.10.9 on eth0.IPv4.
Apr  1 15:17:39 localhost avahi-autoipd(eth0)[1933]: Successfully claimed IP address 169.254.10.9
Apr  1 15:21:12 localhost acpid: client connected from 2169[0:0]
Apr  1 15:21:12 localhost acpid: 1 client rule loaded
Apr  1 15:21:13 localhost kernel: [174488.436016] composite sync not supported
Apr  1 15:21:13 localhost kernel: [174488.464525] composite sync not supported
Apr  1 15:21:16 localhost kernel: [174491.207792] composite sync not supported
Apr  1 15:21:16 localhost kernel: [174491.244440] composite sync not supported
Apr  1 15:21:16 localhost kernel: [174491.299804] composite sync not supported
Apr  1 15:21:18 localhost gdm-simple-greeter[2210]: Gtk-WARNING: /build/buildd/gtk+2.0-2.20.1/gtk/gtkwidget.c:5636: widget not within a GtkWindow
Apr  1 15:21:22 localhost gdm-session-worker[2212]: GLib-GObject-CRITICAL: g_value_get_boolean: assertion `G_VALUE_HOLDS_BOOLEAN (value)' failed
Apr  1 15:21:52 localhost AptDaemon: INFO: Quiting due to inactivity
Apr  1 15:21:52 localhost AptDaemon: INFO: Shutdown was requested
Apr  1 15:21:52 localhost AptDaemon: INFO: Initializing daemon
Apr  1 15:22:19 localhost gdm-session-worker[2285]: GLib-GObject-CRITICAL: g_value_get_boolean: assertion `G_VALUE_HOLDS_BOOLEAN (value)' failed
Apr  1 15:23:36 localhost gdm-session-worker[2335]: GLib-GObject-CRITICAL: g_value_get_boolean: assertion `G_VALUE_HOLDS_BOOLEAN (value)' failed
Apr  1 15:23:56 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Apr  1 15:23:59 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Apr  1 15:24:02 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Apr  1 15:24:07 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Apr  1 15:24:12 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr  1 15:24:20 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
Apr  1 15:24:28 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 17
Apr  1 15:24:45 localhost dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
Apr  1 15:24:57 localhost dhclient: No DHCPOFFERS received.
Apr  1 15:24:57 localhost dhclient: No working leases in persistent database - sleeping.
Apr  1 15:25:01 localhost CRON[2475]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr  1 15:25:10 localhost gdm-session-worker[2421]: GLib-GObject-CRITICAL: g_value_get_boolean: assertion `G_VALUE_HOLDS_BOOLEAN (value)' failed
Apr  1 15:25:24 localhost acpid: client 1432[0:0] has disconnected
Apr  1 15:25:24 localhost acpid: client 2169[0:0] has disconnected
Apr  1 15:25:24 localhost acpid: client connected from 1432[0:0]
Apr  1 15:25:24 localhost acpid: 1 client rule loaded
Apr  1 15:25:24 localhost kernel: [174739.364536] composite sync not supported
Apr  1 15:26:53 localhost AptDaemon: INFO: Quiting due to inactivity
Apr  1 15:26:53 localhost AptDaemon: INFO: Shutdown was requested
Apr  1 15:28:23 localhost gnome-session[2630]: WARNING: Client '/org/gnome/SessionManager/Client81' failed to reply before timeout
Apr  1 15:28:23 localhost gnome-session[2630]: WARNING: Client '/org/gnome/SessionManager/Client5' failed to reply before timeout
Apr  1 15:28:23 localhost gnome-session[2630]: WARNING: Unable to find desktop file 'evolution-exchange-storage.desktop': 在搜索目录中无法找到有效的键文件
Apr  1 15:28:23 localhost gnome-session[2630]: WARNING: Unable to find desktop file 'gnome-evolution-exchange-storage.desktop': 在搜索目录中无法找到有效的键文件
Apr  1 15:28:23 localhost gnome-session[2630]: EggSMClient-WARNING: Desktop file '/home/zym/.local/share/applications/stardict.desktop' has malformed Icon key 'stardict.png'(should not include extension)
Apr  1 15:28:29 localhost acpid: exiting
Apr  1 15:28:29 localhost init: tty2 main process (1704) killed by TERM signal
Apr  1 15:28:29 localhost init: cron main process (1718) killed by TERM signal
Apr  1 15:28:29 localhost kernel: Kernel logging (proc) stopped.

Apr 14 13:33:18 localhost kernel: imklog 4.2.0, log source = /proc/kmsg started.
Apr 14 13:33:18 localhost rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="408" x-info="http://www.rsyslog.com"] (re)start
Apr 14 13:33:18 localhost rsyslogd: rsyslogd's groupid changed to 103
Apr 14 13:33:18 localhost rsyslogd: rsyslogd's userid changed to 101
Apr 14 13:33:18 localhost rsyslogd-2039: Could no open output file '/dev/xconsole' [try http://www.rsyslog.com/e/2039 ]
Apr 14 13:33:18 localhost kernel: [    0.000000] Initializing cgroup subsys cpuset
Apr 14 13:33:18 localhost kernel: [    0.000000] Initializing cgroup subsys cpu
Apr 14 13:33:18 localhost kernel: [    0.000000] Linux version 2.6.38-7-generic-pae (buildd@lakoocha) (gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5) ) #37~lucid1-Ubuntu SMP Mon Mar 21 18:56:37 UTC 2011 (Ubuntu 2.6.38-7.37~lucid1-generic-pae 2.6.38)
Apr 14 13:33:18 localhost kernel: [    0.000000] BIOS-provided physical RAM map:
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 00000000000e2000 - 0000000000100000 (reserved)
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 0000000000100000 - 000000003f7a0000 (usable)
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 000000003f7a0000 - 000000003f7ae000 (ACPI data)
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 000000003f7ae000 - 000000003f7f0000 (ACPI NVS)
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 000000003f7f0000 - 000000003f800000 (reserved)
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
Apr 14 13:33:18 localhost kernel: [    0.000000]  BIOS-e820: 00000000fff80000 - 0000000100000000 (reserved)
Apr 14 13:33:18 localhost kernel: [    0.000000] NX (Execute Disable) protection: active
Apr 14 13:33:18 localhost kernel: [    0.000000] DMI present.
Apr 14 13:33:18 localhost kernel: [    0.000000] DMI: ASUSTeK Computer INC. 1000H/1000H, BIOS 2102    07/21/2009
Apr 14 13:33:18 localhost kernel: [    0.000000] e820 update range: 0000000000000000 - 0000000000010000 (usable) ==> (reserved)
Apr 14 13:33:18 localhost kernel: [    0.000000] e820 remove range: 00000000000a0000 - 0000000000100000 (usable)
Apr 14 13:33:18 localhost kernel: [    0.000000] last_pfn = 0x3f7a0 max_arch_pfn = 0x1000000
Apr 14 13:33:18 localhost kernel: [    0.000000] MTRR default type: uncachable
Apr 14 13:33:18 localhost kernel: [    0.000000] MTRR fixed ranges enabled:
Apr 14 13:33:18 localhost kernel: [    0.000000]   00000-9FFFF write-back
Apr 14 13:33:18 localhost kernel: [    0.000000]   A0000-DFFFF uncachable
Apr 14 13:33:18 localhost kernel: [    0.000000]   E0000-EFFFF write-through
Apr 14 13:33:18 localhost kernel: [    0.000000]   F0000-FFFFF write-protect
Apr 14 13:33:18 localhost kernel: [    0.000000] MTRR variable ranges enabled:
Apr 14 13:33:18 localhost kernel: [    0.000000]   0 base 000000000 mask 0C0000000 write-back
Apr 14 13:33:18 localhost kernel: [    0.000000]   1 base 03F800000 mask 0FF800000 uncachable
Apr 14 13:33:18 localhost kernel: [    0.000000]   2 disabled
Apr 14 13:33:18 localhost kernel: [    0.000000]   3 disabled
Apr 14 13:33:18 localhost kernel: [    0.000000]   4 disabled
Apr 14 13:33:18 localhost kernel: [    0.000000]   5 disabled
Apr 14 13:33:18 localhost kernel: [    0.000000]   6 disabled
Apr 14 13:33:18 localhost kernel: [    0.000000]   7 disabled
Apr 14 13:33:18 localhost kernel: [    0.000000] x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
Apr 14 13:33:18 localhost kernel: [    0.000000] found SMP MP-table at [c00ff780] ff780
Apr 14 13:33:18 localhost kernel: [    0.000000] initial memory mapped : 0 - 01e00000
Apr 14 13:33:18 localhost kernel: [    0.000000] init_memory_mapping: 0000000000000000-0000000037bfe000
Apr 14 13:33:18 localhost kernel: [    0.000000]  0000000000 - 0000200000 page 4k
Apr 14 13:33:18 localhost kernel: [    0.000000]  0000200000 - 0037a00000 page 2M
Apr 14 13:33:18 localhost kernel: [    0.000000]  0037a00000 - 0037bfe000 page 4k
Apr 14 13:33:18 localhost kernel: [    0.000000] kernel direct mapping tables up to 37bfe000 @ 1dfb000-1e00000
Apr 14 13:33:18 localhost kernel: [    0.000000] RAMDISK: 2f17d000 - 2f9f8000
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: RSDP 000fb9e0 00014 (v00 ACPIAM)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: RSDT 3f7a0000 0003C (v01 A_M_I_ OEMRSDT  07000921 MSFT 00000097)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: FACP 3f7a0200 00084 (v02 A_M_I_ OEMFACP  07000921 MSFT 00000097)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: DSDT 3f7a0430 05342 (v01  A1028 A1028000 00000000 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: FACS 3f7ae000 00040
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: APIC 3f7a0390 0005C (v01 A_M_I_ OEMAPIC  07000921 MSFT 00000097)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: MCFG 3f7a03f0 0003C (v01 A_M_I_ OEMMCFG  07000921 MSFT 00000097)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: OEMB 3f7ae040 00061 (v01 A_M_I_ AMI_OEM  07000921 MSFT 00000097)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: HPET 3f7a5780 00038 (v01 A_M_I_ OEMHPET  07000921 MSFT 00000097)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: SSDT 3f7aeb80 004F0 (v01  PmRef    CpuPm 00003000 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: Local APIC address 0xfee00000
Apr 14 13:33:18 localhost kernel: [    0.000000] 123MB HIGHMEM available.
Apr 14 13:33:18 localhost kernel: [    0.000000] 891MB LOWMEM available.
Apr 14 13:33:18 localhost kernel: [    0.000000]   mapped low ram: 0 - 37bfe000
Apr 14 13:33:18 localhost kernel: [    0.000000]   low ram: 0 - 37bfe000
Apr 14 13:33:18 localhost kernel: [    0.000000] Zone PFN ranges:
Apr 14 13:33:18 localhost kernel: [    0.000000]   DMA      0x00000010 -> 0x00001000
Apr 14 13:33:18 localhost kernel: [    0.000000]   Normal   0x00001000 -> 0x00037bfe
Apr 14 13:33:18 localhost kernel: [    0.000000]   HighMem  0x00037bfe -> 0x0003f7a0
Apr 14 13:33:18 localhost kernel: [    0.000000] Movable zone start PFN for each node
Apr 14 13:33:18 localhost kernel: [    0.000000] early_node_map[2] active PFN ranges
Apr 14 13:33:18 localhost kernel: [    0.000000]     0: 0x00000010 -> 0x0000009f
Apr 14 13:33:18 localhost kernel: [    0.000000]     0: 0x00000100 -> 0x0003f7a0
Apr 14 13:33:18 localhost kernel: [    0.000000] On node 0 totalpages: 259887
Apr 14 13:33:18 localhost kernel: [    0.000000] free_area_init_node: node 0, pgdat c17b8a00, node_mem_map f740d200
Apr 14 13:33:18 localhost kernel: [    0.000000]   DMA zone: 32 pages used for memmap
Apr 14 13:33:18 localhost kernel: [    0.000000]   DMA zone: 0 pages reserved
Apr 14 13:33:18 localhost kernel: [    0.000000]   DMA zone: 3951 pages, LIFO batch:0
Apr 14 13:33:18 localhost kernel: [    0.000000]   Normal zone: 1752 pages used for memmap
Apr 14 13:33:18 localhost kernel: [    0.000000]   Normal zone: 222502 pages, LIFO batch:31
Apr 14 13:33:18 localhost kernel: [    0.000000]   HighMem zone: 248 pages used for memmap
Apr 14 13:33:18 localhost kernel: [    0.000000]   HighMem zone: 31402 pages, LIFO batch:7
Apr 14 13:33:18 localhost kernel: [    0.000000] Using APIC driver default
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: PM-Timer IO Port: 0x808
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: Local APIC address 0xfee00000
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: IOAPIC (id[0x02] address[0xfec00000] gsi_base[0])
Apr 14 13:33:18 localhost kernel: [    0.000000] IOAPIC[0]: apic_id 2, version 32, address 0xfec00000, GSI 0-23
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: IRQ0 used by override.
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: IRQ2 used by override.
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: IRQ9 used by override.
Apr 14 13:33:18 localhost kernel: [    0.000000] Using ACPI (MADT) for SMP configuration information
Apr 14 13:33:18 localhost kernel: [    0.000000] ACPI: HPET id: 0xffffffff base: 0xfed00000
Apr 14 13:33:18 localhost kernel: [    0.000000] SMP: Allowing 2 CPUs, 0 hotplug CPUs
Apr 14 13:33:18 localhost kernel: [    0.000000] nr_irqs_gsi: 40
Apr 14 13:33:18 localhost kernel: [    0.000000] PM: Registered nosave memory: 000000000009f000 - 00000000000a0000
Apr 14 13:33:18 localhost kernel: [    0.000000] PM: Registered nosave memory: 00000000000a0000 - 00000000000e2000
Apr 14 13:33:18 localhost kernel: [    0.000000] PM: Registered nosave memory: 00000000000e2000 - 0000000000100000
Apr 14 13:33:18 localhost kernel: [    0.000000] Allocating PCI resources starting at 3f800000 (gap: 3f800000:bf600000)
Apr 14 13:33:18 localhost kernel: [    0.000000] Booting paravirtualized kernel on bare hardware
Apr 14 13:33:18 localhost kernel: [    0.000000] setup_percpu: NR_CPUS:8 nr_cpumask_bits:8 nr_cpu_ids:2 nr_node_ids:1
Apr 14 13:33:18 localhost kernel: [    0.000000] PERCPU: Embedded 13 pages/cpu @f7200000 s32320 r0 d20928 u1048576
Apr 14 13:33:18 localhost kernel: [    0.000000] pcpu-alloc: s32320 r0 d20928 u1048576 alloc=1*2097152
Apr 14 13:33:18 localhost kernel: [    0.000000] pcpu-alloc: [0] 0 1 
Apr 14 13:33:18 localhost kernel: [    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 257855
Apr 14 13:33:18 localhost kernel: [    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.38-7-generic-pae root=UUID=7d3ad042-4544-4dc8-8b11-2d28e5244ed8 ro quiet splash
Apr 14 13:33:18 localhost kernel: [    0.000000] PID hash table entries: 4096 (order: 2, 16384 bytes)
Apr 14 13:33:18 localhost kernel: [    0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Apr 14 13:33:18 localhost kernel: [    0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Apr 14 13:33:18 localhost kernel: [    0.000000] Initializing CPU#0
Apr 14 13:33:18 localhost kernel: [    0.000000] allocated 5199680 bytes of page_cgroup
Apr 14 13:33:18 localhost kernel: [    0.000000] please try 'cgroup_disable=memory' option if you don't want memory cgroups
Apr 14 13:33:18 localhost kernel: [    0.000000] Initializing HighMem for node 0 (00037bfe:0003f7a0)
Apr 14 13:33:18 localhost kernel: [    0.000000] Memory: 1007060k/1040000k available (5335k kernel code, 32488k reserved, 2605k data, 752k init, 126600k highmem)
Apr 14 13:33:18 localhost kernel: [    0.000000] virtual kernel memory layout:
Apr 14 13:33:18 localhost kernel: [    0.000000]     fixmap  : 0xfff16000 - 0xfffff000   ( 932 kB)
Apr 14 13:33:18 localhost kernel: [    0.000000]     pkmap   : 0xffc00000 - 0xffe00000   (2048 kB)
Apr 14 13:33:18 localhost kernel: [    0.000000]     vmalloc : 0xf83fe000 - 0xffbfe000   ( 120 MB)
Apr 14 13:33:18 localhost kernel: [    0.000000]     lowmem  : 0xc0000000 - 0xf7bfe000   ( 891 MB)
Apr 14 13:33:18 localhost kernel: [    0.000000]       .init : 0xc17c2000 - 0xc187e000   ( 752 kB)
Apr 14 13:33:18 localhost kernel: [    0.000000]       .data : 0xc1535fc6 - 0xc17c1500   (2605 kB)
Apr 14 13:33:18 localhost kernel: [    0.000000]       .text : 0xc1000000 - 0xc1535fc6   (5335 kB)
Apr 14 13:33:18 localhost kernel: [    0.000000] Checking if this processor honours the WP bit even in supervisor mode...Ok.
Apr 14 13:33:18 localhost kernel: [    0.000000] SLUB: Genslabs=15, HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
Apr 14 13:33:18 localhost kernel: [    0.000000] Hierarchical RCU implementation.
Apr 14 13:33:18 localhost kernel: [    0.000000] 	RCU dyntick-idle grace-period acceleration is enabled.
Apr 14 13:33:18 localhost kernel: [    0.000000] 	RCU-based detection of stalled CPUs is disabled.
Apr 14 13:33:18 localhost kernel: [    0.000000] NR_IRQS:2304 nr_irqs:512 16
Apr 14 13:33:18 localhost kernel: [    0.000000] CPU 0 irqstacks, hard=f6808000 soft=f680a000
Apr 14 13:33:18 localhost kernel: [    0.000000] Console: colour VGA+ 80x25
Apr 14 13:33:18 localhost kernel: [    0.000000] console [tty0] enabled
Apr 14 13:33:18 localhost kernel: [    0.000000] hpet clockevent registered
Apr 14 13:33:18 localhost kernel: [    0.000000] Fast TSC calibration using PIT
Apr 14 13:33:18 localhost kernel: [    0.000000] Detected 1595.911 MHz processor.
Apr 14 13:33:18 localhost kernel: [    0.004006] Calibrating delay loop (skipped), value calculated using timer frequency.. 3191.82 BogoMIPS (lpj=6383644)
Apr 14 13:33:18 localhost kernel: [    0.004018] pid_max: default: 32768 minimum: 301
Apr 14 13:33:18 localhost kernel: [    0.004072] Security Framework initialized
Apr 14 13:33:18 localhost kernel: [    0.004113] AppArmor: AppArmor initialized
Apr 14 13:33:18 localhost kernel: [    0.004117] Yama: becoming mindful.
Apr 14 13:33:18 localhost kernel: [    0.004255] Mount-cache hash table entries: 512
Apr 14 13:33:18 localhost kernel: [    0.004548] Initializing cgroup subsys ns
Apr 14 13:33:18 localhost kernel: [    0.004557] ns_cgroup deprecated: consider using the 'clone_children' flag without the ns_cgroup.
Apr 14 13:33:18 localhost kernel: [    0.004565] Initializing cgroup subsys cpuacct
Apr 14 13:33:18 localhost kernel: [    0.004578] Initializing cgroup subsys memory
Apr 14 13:33:18 localhost kernel: [    0.004599] Initializing cgroup subsys devices
Apr 14 13:33:18 localhost kernel: [    0.004605] Initializing cgroup subsys freezer
Apr 14 13:33:18 localhost kernel: [    0.004611] Initializing cgroup subsys net_cls
Apr 14 13:33:18 localhost kernel: [    0.004617] Initializing cgroup subsys blkio
Apr 14 13:33:18 localhost kernel: [    0.004688] CPU: Physical Processor ID: 0
Apr 14 13:33:18 localhost kernel: [    0.008011] CPU: Processor Core ID: 0
Apr 14 13:33:18 localhost kernel: [    0.008018] mce: CPU supports 5 MCE banks
Apr 14 13:33:18 localhost kernel: [    0.008036] CPU0: Thermal monitoring enabled (TM2)
Apr 14 13:33:18 localhost kernel: [    0.008045] using mwait in idle threads.
Apr 14 13:33:18 localhost kernel: [    0.013595] ACPI: Core revision 20110112
Apr 14 13:33:18 localhost kernel: [    0.024039] ftrace: allocating 23569 entries in 47 pages
Apr 14 13:33:18 localhost kernel: [    0.032123] Enabling APIC mode:  Flat.  Using 1 I/O APICs
Apr 14 13:33:18 localhost kernel: [    0.032540] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
Apr 14 13:33:18 localhost kernel: [    0.073318] CPU0: Intel(R) Atom(TM) CPU N270   @ 1.60GHz stepping 02
Apr 14 13:33:18 localhost kernel: [    0.076004] Performance Events: PEBS fmt0+, Atom events, Intel PMU driver.
Apr 14 13:33:18 localhost kernel: [    0.076004] ... version:                3
Apr 14 13:33:18 localhost kernel: [    0.076004] ... bit width:              40
Apr 14 13:33:18 localhost kernel: [    0.076004] ... generic registers:      2
Apr 14 13:33:18 localhost kernel: [    0.076004] ... value mask:             000000ffffffffff
Apr 14 13:33:18 localhost kernel: [    0.076004] ... max period:             000000007fffffff
Apr 14 13:33:18 localhost kernel: [    0.076004] ... fixed-purpose events:   3
Apr 14 13:33:18 localhost kernel: [    0.076004] ... event mask:             0000000700000003
Apr 14 13:33:18 localhost kernel: [    0.076004] CPU 1 irqstacks, hard=f68aa000 soft=f68ac000
Apr 14 13:33:18 localhost kernel: [    0.076004] Booting Node   0, Processors  #1 Ok.
Apr 14 13:33:18 localhost kernel: [    0.008000] Initializing CPU#1
Apr 14 13:33:18 localhost kernel: [    0.164049] Brought up 2 CPUs
Apr 14 13:33:18 localhost kernel: [    0.164059] Total of 2 processors activated (6383.76 BogoMIPS).
Apr 14 13:33:18 localhost kernel: [    0.164466] devtmpfs: initialized
Apr 14 13:33:18 localhost kernel: [    0.168440] print_constraints: dummy: 
Apr 14 13:33:18 localhost kernel: [    0.168488] Time: 13:32:50  Date: 04/14/11
Apr 14 13:33:18 localhost kernel: [    0.168586] NET: Registered protocol family 16
Apr 14 13:33:18 localhost kernel: [    0.168617] Trying to unpack rootfs image as initramfs...
Apr 14 13:33:18 localhost kernel: [    0.169015] EISA bus registered
Apr 14 13:33:18 localhost kernel: [    0.169069] ACPI: bus type pci registered
Apr 14 13:33:18 localhost kernel: [    0.169319] PCI: MMCONFIG for domain 0000 [bus 00-3f] at [mem 0xe0000000-0xe3ffffff] (base 0xe0000000)
Apr 14 13:33:18 localhost kernel: [    0.169330] PCI: not using MMCONFIG
Apr 14 13:33:18 localhost kernel: [    0.169620] PCI : PCI BIOS aera is rw and x. Use pci=nobios if you want it NX.
Apr 14 13:33:18 localhost kernel: [    0.169750] PCI: PCI BIOS revision 3.00 entry at 0xf0031, last bus=5
Apr 14 13:33:18 localhost kernel: [    0.169758] PCI: Using configuration type 1 for base access
Apr 14 13:33:18 localhost kernel: [    0.174387] bio: create slab <bio-0> at 0
Apr 14 13:33:18 localhost kernel: [    0.178743] ACPI: EC: Look up EC in DSDT
Apr 14 13:33:18 localhost kernel: [    0.182904] ACPI: Executed 1 blocks of module-level executable AML code
Apr 14 13:33:18 localhost kernel: [    0.193160] ACPI: SSDT 3f7ae180 0023C (v01  PmRef  Cpu0Ist 00003000 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.194171] ACPI: Dynamic OEM Table Load:
Apr 14 13:33:18 localhost kernel: [    0.194183] ACPI: SSDT   (null) 0023C (v01  PmRef  Cpu0Ist 00003000 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.194759] ACPI: SSDT 3f7ae450 00724 (v01  PmRef  Cpu0Cst 00003001 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.195700] ACPI: Dynamic OEM Table Load:
Apr 14 13:33:18 localhost kernel: [    0.195711] ACPI: SSDT   (null) 00724 (v01  PmRef  Cpu0Cst 00003001 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.196866] ACPI: SSDT 3f7ae0b0 000CC (v01  PmRef  Cpu1Ist 00003000 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.197847] ACPI: Dynamic OEM Table Load:
Apr 14 13:33:18 localhost kernel: [    0.197859] ACPI: SSDT   (null) 000CC (v01  PmRef  Cpu1Ist 00003000 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.198237] ACPI: SSDT 3f7ae3c0 00085 (v01  PmRef  Cpu1Cst 00003000 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.199188] ACPI: Dynamic OEM Table Load:
Apr 14 13:33:18 localhost kernel: [    0.199200] ACPI: SSDT   (null) 00085 (v01  PmRef  Cpu1Cst 00003000 INTL 20051117)
Apr 14 13:33:18 localhost kernel: [    0.200210] ACPI: Interpreter enabled
Apr 14 13:33:18 localhost kernel: [    0.200230] ACPI: (supports S0 S3 S4 S5)
Apr 14 13:33:18 localhost kernel: [    0.200304] ACPI: Using IOAPIC for interrupt routing
Apr 14 13:33:18 localhost kernel: [    0.200399] PCI: MMCONFIG for domain 0000 [bus 00-3f] at [mem 0xe0000000-0xe3ffffff] (base 0xe0000000)
Apr 14 13:33:18 localhost kernel: [    0.202053] PCI: MMCONFIG at [mem 0xe0000000-0xe3ffffff] reserved in ACPI motherboard resources
Apr 14 13:33:18 localhost kernel: [    0.202063] PCI: Using MMCONFIG for extended config space
Apr 14 13:33:18 localhost kernel: [    0.219533] ACPI: EC: GPE = 0x1c, I/O: command/status = 0x66, data = 0x62
Apr 14 13:33:18 localhost kernel: [    0.219991] ACPI: No dock devices found.
Apr 14 13:33:18 localhost kernel: [    0.219999] HEST: Table not found.
Apr 14 13:33:18 localhost kernel: [    0.220025] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
Apr 14 13:33:18 localhost kernel: [    0.220312] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
Apr 14 13:33:18 localhost kernel: [    0.220997] pci_root PNP0A08:00: host bridge window [io  0x0000-0x0cf7]
Apr 14 13:33:18 localhost kernel: [    0.221010] pci_root PNP0A08:00: host bridge window [io  0x0d00-0xffff]
Apr 14 13:33:18 localhost kernel: [    0.221021] pci_root PNP0A08:00: host bridge window [mem 0x000a0000-0x000bffff]
Apr 14 13:33:18 localhost kernel: [    0.221031] pci_root PNP0A08:00: host bridge window [mem 0x000d0000-0x000dffff]
Apr 14 13:33:18 localhost kernel: [    0.221040] pci_root PNP0A08:00: host bridge window [mem 0x3f800000-0xffffffff]
Apr 14 13:33:18 localhost kernel: [    0.221085] pci 0000:00:00.0: [8086:27ac] type 0 class 0x000600
Apr 14 13:33:18 localhost kernel: [    0.221176] pci 0000:00:02.0: [8086:27ae] type 0 class 0x000300
Apr 14 13:33:18 localhost kernel: [    0.221201] pci 0000:00:02.0: reg 10: [mem 0xf7f00000-0xf7f7ffff]
Apr 14 13:33:18 localhost kernel: [    0.221217] pci 0000:00:02.0: reg 14: [io  0xdc00-0xdc07]
Apr 14 13:33:18 localhost kernel: [    0.221233] pci 0000:00:02.0: reg 18: [mem 0xd0000000-0xdfffffff pref]
Apr 14 13:33:18 localhost kernel: [    0.221248] pci 0000:00:02.0: reg 1c: [mem 0xf7ec0000-0xf7efffff]
Apr 14 13:33:18 localhost kernel: [    0.221320] pci 0000:00:02.1: [8086:27a6] type 0 class 0x000380
Apr 14 13:33:18 localhost kernel: [    0.221341] pci 0000:00:02.1: reg 10: [mem 0xf7f80000-0xf7ffffff]
Apr 14 13:33:18 localhost kernel: [    0.221496] pci 0000:00:1b.0: [8086:27d8] type 0 class 0x000403
Apr 14 13:33:18 localhost kernel: [    0.221534] pci 0000:00:1b.0: reg 10: [mem 0xf7eb8000-0xf7ebbfff 64bit]
Apr 14 13:33:18 localhost kernel: [    0.221652] pci 0000:00:1b.0: PME# supported from D0 D3hot D3cold
Apr 14 13:33:18 localhost kernel: [    0.221664] pci 0000:00:1b.0: PME# disabled
Apr 14 13:33:18 localhost kernel: [    0.221715] pci 0000:00:1c.0: [8086:27d0] type 1 class 0x000604
Apr 14 13:33:18 localhost kernel: [    0.221842] pci 0000:00:1c.0: PME# supported from D0 D3hot D3cold
Apr 14 13:33:18 localhost kernel: [    0.221857] pci 0000:00:1c.0: PME# disabled
Apr 14 13:33:18 localhost kernel: [    0.221917] pci 0000:00:1c.1: [8086:27d2] type 1 class 0x000604
Apr 14 13:33:18 localhost kernel: [    0.222045] pci 0000:00:1c.1: PME# supported from D0 D3hot D3cold
Apr 14 13:33:18 localhost kernel: [    0.222057] pci 0000:00:1c.1: PME# disabled
Apr 14 13:33:18 localhost kernel: [    0.222115] pci 0000:00:1c.3: [8086:27d6] type 1 class 0x000604
Apr 14 13:33:18 localhost kernel: [    0.222235] pci 0000:00:1c.3: PME# supported from D0 D3hot D3cold
Apr 14 13:33:18 localhost kernel: [    0.222247] pci 0000:00:1c.3: PME# disabled
Apr 14 13:33:18 localhost kernel: [    0.222304] pci 0000:00:1d.0: [8086:27c8] type 0 class 0x000c03
Apr 14 13:33:18 localhost kernel: [    0.222386] pci 0000:00:1d.0: reg 20: [io  0xd400-0xd41f]
Apr 14 13:33:18 localhost kernel: [    0.222454] pci 0000:00:1d.1: [8086:27c9] type 0 class 0x000c03
Apr 14 13:33:18 localhost kernel: [    0.222536] pci 0000:00:1d.1: reg 20: [io  0xd480-0xd49f]
Apr 14 13:33:18 localhost kernel: [    0.222605] pci 0000:00:1d.2: [8086:27ca] type 0 class 0x000c03
Apr 14 13:33:18 localhost kernel: [    0.222692] pci 0000:00:1d.2: reg 20: [io  0xd800-0xd81f]
Apr 14 13:33:18 localhost kernel: [    0.222762] pci 0000:00:1d.3: [8086:27cb] type 0 class 0x000c03
Apr 14 13:33:18 localhost kernel: [    0.222844] pci 0000:00:1d.3: reg 20: [io  0xd880-0xd89f]
Apr 14 13:33:18 localhost kernel: [    0.222928] pci 0000:00:1d.7: [8086:27cc] type 0 class 0x000c03
Apr 14 13:33:18 localhost kernel: [    0.222967] pci 0000:00:1d.7: reg 10: [mem 0xf7eb7c00-0xf7eb7fff]

[zwdnet]

国安局上班的?格式化重装算了,费什么劲阿,你装ubuntu估计人家都不会用

差不多就是那么回事吧。除了重装，是不是还要MAC伪装？至少人家是登录进来了。

[zwdnet]

find带上-newer查找文件。
看log这太低等了。

谢谢，正在用“sudo find -ctime 44”查呢。

[zwdnet]

你担心的话，安装个杀毒软件测试一下，bitdefender .对Linux用户免费的。

杀毒软件已经装了，clamAV，可是现在我担心的是背后有双眼睛盯着啊，类似《1984》的那种......

[zwdnet]

对方的电脑水平？或者说linux水平？

这就不好说了，该删的东西都没删，fq软件是今天取电脑的时侯让我自己当面删掉的，而且看日志只有4月1日和14日登录过，但是扣了这么长时间才还我，难免怀疑他们干了什么。或许就是我的心理问题，不管扣什么人家总要拖上几个月才还你，这是“惯例”？

[iamfbi]

对方的电脑水平？或者说linux水平？

这就不好说了，该删的东西都没删，fq软件是今天取电脑的时侯让我自己当面删掉的，而且看日志只有4月1日和14日登录过，但是扣了这么长时间才还我，难免怀疑他们干了什么。或许就是我的心理问题，不管扣什么人家总要拖上几个月才还你，这是“惯例”？

不奇怪吧，机构办事就是拖。。。
技术人家肯定是有的，把你电脑翻了遍都行。。