What could be the cause of my event logs to have been cleared at 01:15 last night, other than me going into event viewer and clearing them? (which I didn't do).
Background :
I've an old Pentium 3 machine running XP Pro that acts as an occasional FTP Server, using IIS. Most of the time it's not even switched on, but when it is, there is a rule in my NAT enabled router that gives access to it to the internet by port 21 only.
I access it on the local network via Remote Desktop.
I'd left it switched on yesterday as, after having applied the latest Microsoft patches, I thought I'd run CHKDSK, ccleaner and then defrag it. I left it defragging.
Today I went to look at the event log, where the boot-time CHKDSK will record anything interesting about what it found, only to discover that at 01:15, all the event logs had been cleared! I cannot say for certain if I was logged into the machine at 01:!5 or not (you know how time flies when you're fiddling with computers!) and it may be that I'd run ccleaner about that time, though I would have guessed it was a fair bit earlier than that.
I don't think ccleaner resets the event viewer. It doesn't on other computers I've run it on. and I'm certain I didn't clear the event logs using event viewer.
Could it have been hacked and the event log cleared to cover tracks?
A virus scan hasn't picked anything up, and so far I've not noticed anything else different, other than some temporary folders getting created, also at 01:15. This makes me more suspicious!
Thoughts?
Ian