We have seen quite a few blogs hacked because WordPress was NOT updated on a timely manner. If you are seeing strange links in URL with eval, that means your blog is hacked.
Use phpmyadmin or shell mysql command to replace some bad stuff:
mysql> update wp_options set option_value=” where option_name=’_transient_rewrite_rules’;
mysql> select * from wp_options where option_name=’permalink_structure’;
Check the above SQL select and see if you have any strange functions or code in wp_options field. Replace as required, for example:
mysql> update wp_options set option_value=’/%year%/%monthnum%/%postname%/’ where option_name=’permalink_structure’;