Here is a somewhat in depth discussion of sticking code into SQL Server 2000 to bypass pretty much any security or logging. So in other words - just because it isn't in your logs, doesn't mean you aren't hacked.
http://www.ngssoftware.com/papers/violating_database_security.pdf