Ru-Board.club

» Slowdowns and hangs on Windows 2003

Author: grab3
Posted: 17.02.2009 08:54
I have a server (Intel Xeon 4 x 3.0 GHz) running Windows 2003, Terminal Services, Active Directory. About 20 users work on the server. Terrible slowdowns started unexpectedly.
1. Antivirus scanners show nothing. McAfee runs resident; I also scanned with Kaspersky, Dr.Web and Microsoft's malware removal utility.
2. CPU temperature is normal.
3. A visual inspection of the processes revealed nothing suspicious.

It feels like a virus is running as a driver or infecting system files.
The only thing that worries me is the constant connections being established from the server to other machines on the network (there should not be such frantic activity; it is 1C in terminal sessions) (the server is 254):


Code:

Активные подключения

Имя Локальный адрес Внешний адрес Состояние PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1580
[inetinfo.exe]

TCP 0.0.0.0:42 0.0.0.0:0 LISTENING 2968
[wins.exe]

TCP 0.0.0.0:53 0.0.0.0:0 LISTENING 1460
[dns.exe]

TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1388
[2XProxyGateway.exe]

TCP 0.0.0.0:88 0.0.0.0:0 LISTENING 412
[lsass.exe]

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 716
RpcSs
[svchost.exe]

TCP 0.0.0.0:251 0.0.0.0:0 LISTENING 2488
TapiSrv
[svchost.exe]

TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 412
[lsass.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[Система]

TCP 0.0.0.0:464 0.0.0.0:0 LISTENING 412
[lsass.exe]

TCP 0.0.0.0:593 0.0.0.0:0 LISTENING 716
RpcSs
[svchost.exe]

TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 412
[lsass.exe]

TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 412
[lsass.exe]

TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING 412
[lsass.exe]

TCP 0.0.0.0:1040 0.0.0.0:0 LISTENING 1460
[dns.exe]

TCP 0.0.0.0:1051 0.0.0.0:0 LISTENING 1580
[inetinfo.exe]

TCP 0.0.0.0:1073 0.0.0.0:0 LISTENING 2160
[ntfrs.exe]

TCP 0.0.0.0:1126 0.0.0.0:0 LISTENING 2508
[lserver.exe]

TCP 0.0.0.0:1132 0.0.0.0:0 LISTENING 2968
[wins.exe]

TCP 0.0.0.0:1235 0.0.0.0:0 LISTENING 3148
[tcpsvcs.exe]

TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING 4
[Система]

TCP 0.0.0.0:3057 0.0.0.0:0 LISTENING 2268
[QLoadSMD.exe]

TCP 0.0.0.0:3058 0.0.0.0:0 LISTENING 2268
[QLoadSMD.exe]

TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING 412
[lsass.exe]

TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING 412
[lsass.exe]

TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 3380
TermService
[svchost.exe]

TCP 0.0.0.0:4899 0.0.0.0:0 LISTENING 2400
[r_server.exe]

TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 3000
[WinVNC.exe]

TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 3000
[WinVNC.exe]

TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 1568
[icecastService.exe]

TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 1568
[icecastService.exe]

TCP 0.0.0.0:8081 0.0.0.0:0 LISTENING 2840
[httpd.exe]

TCP 0.0.0.0:20002 0.0.0.0:0 LISTENING 1360
[2XAppSrvr.exe]

TCP 127.0.0.1:30003 0.0.0.0:0 LISTENING 1360
[2XAppSrvr.exe]

TCP 192.168.1.254:139 0.0.0.0:0 LISTENING 4
[Система]

TCP 127.0.0.1:389 127.0.0.1:1031 ESTABLISHED 412
[lsass.exe]

TCP 127.0.0.1:389 127.0.0.1:1034 ESTABLISHED 412
[lsass.exe]

TCP 127.0.0.1:389 127.0.0.1:1035 ESTABLISHED 412
[lsass.exe]

TCP 127.0.0.1:389 127.0.0.1:4882 ESTABLISHED 412
[lsass.exe]

TCP 127.0.0.1:445 127.0.0.1:4565 ESTABLISHED 4
[Система]

TCP 127.0.0.1:445 127.0.0.1:1613 ESTABLISHED 4
[Система]

TCP 127.0.0.1:445 127.0.0.1:4104 ESTABLISHED 4
[Система]

TCP 127.0.0.1:1031 127.0.0.1:389 ESTABLISHED 1640
[ismserv.exe]

TCP 127.0.0.1:1034 127.0.0.1:389 ESTABLISHED 1640
[ismserv.exe]

TCP 127.0.0.1:1035 127.0.0.1:389 ESTABLISHED 1640
[ismserv.exe]

TCP 127.0.0.1:1613 127.0.0.1:445 ESTABLISHED 4
[Система]

TCP 127.0.0.1:4056 127.0.0.1:4057 ESTABLISHED 6792
[firefox.exe]

TCP 127.0.0.1:4057 127.0.0.1:4056 ESTABLISHED 6792
[firefox.exe]

TCP 127.0.0.1:4104 127.0.0.1:445 ESTABLISHED 4
[Система]

TCP 127.0.0.1:4254 127.0.0.1:4255 ESTABLISHED 6792
[firefox.exe]

TCP 127.0.0.1:4255 127.0.0.1:4254 ESTABLISHED 6792
[firefox.exe]

TCP 127.0.0.1:4565 127.0.0.1:445 ESTABLISHED 4
[Система]

TCP 127.0.0.1:4882 127.0.0.1:389 ESTABLISHED 1460
[dns.exe]

TCP 192.168.1.254:135 192.168.1.254:1155 ESTABLISHED 716
RpcSs
[svchost.exe]

TCP 192.168.1.254:139 192.168.1.37:4346 ESTABLISHED 4
[Система]

TCP 192.168.1.254:139 192.168.1.30:1040 ESTABLISHED 4
[Система]

TCP 192.168.1.254:139 192.168.1.206:2700 ESTABLISHED 4
[Система]

TCP 192.168.1.254:139 192.168.1.5:1598 ESTABLISHED 4
[Система]

TCP 192.168.1.254:389 192.168.1.254:1281 ESTABLISHED 412
[lsass.exe]

TCP 192.168.1.254:445 192.168.1.202:1228 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.2.104:4178 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.59:1302 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.57:1750 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.206:4638 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.23:1233 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.202:1089 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.38:1072 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.28:1507 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.203:1251 ESTABLISHED 4
[Система]

TCP 192.168.1.254:445 192.168.1.44:4128 ESTABLISHED 4
[Система]

TCP 192.168.1.254:1025 192.168.1.206:4632 ESTABLISHED 412
[lsass.exe]

TCP 192.168.1.254:1025 192.168.1.28:4917 ESTABLISHED 412
[lsass.exe]

TCP 192.168.1.254:1025 192.168.1.254:1156 ESTABLISHED 412
[lsass.exe]

TCP 192.168.1.254:1025 192.168.1.254:3133 ESTABLISHED 412
[lsass.exe]

TCP 192.168.1.254:1025 192.168.1.254:1081 ESTABLISHED 412
[lsass.exe]

TCP 192.168.1.254:1081 192.168.1.254:1025 ESTABLISHED 2160
[ntfrs.exe]

TCP 192.168.1.254:1145 192.168.1.39:445 ESTABLISHED 4
[Система]

TCP 192.168.1.254:1147 192.168.1.39:445 ESTABLISHED 4
[Система]

TCP 192.168.1.254:1149 192.168.1.39:445 ESTABLISHED 4
[Система]

TCP 192.168.1.254:1155 192.168.1.254:135 ESTABLISHED 1412
[Dfssvc.exe]

TCP 192.168.1.254:1156 192.168.1.254:1025 ESTABLISHED 1412
[Dfssvc.exe]

TCP 192.168.1.254:1157 192.168.3.199:445 ESTABLISHED 4
[Система]

TCP 192.168.1.254:1281 192.168.1.254:389 ESTABLISHED 2160
[ntfrs.exe]

TCP 192.168.1.254:3133 192.168.1.254:1025 ESTABLISHED 412
[lsass.exe]

TCP 192.168.1.254:3389 192.168.1.3:4565 ESTABLISHED 3380
TermService
[svchost.exe]

TCP 192.168.1.254:3389 192.168.1.44:4142 ESTABLISHED 3380
TermService
[svchost.exe]

TCP 192.168.1.254:3389 192.168.1.5:2546 ESTABLISHED 3380
TermService
[svchost.exe]

TCP 192.168.1.254:3389 192.168.1.37:1899 ESTABLISHED 3380
TermService
[svchost.exe]

TCP 192.168.1.254:3454 192.168.2.1:445 ESTABLISHED 4
[Система]

TCP 192.168.1.254:3725 192.168.2.1:445 ESTABLISHED 4
[Система]

TCP 192.168.1.254:4038 192.168.1.44:139 ESTABLISHED 4
[Система]

TCP 192.168.1.254:1140 192.168.1.254:389 CLOSE_WAIT 3148
[tcpsvcs.exe]

TCP 192.168.1.254:2096 192.168.1.254:389 CLOSE_WAIT 832
RemoteAccess
[svchost.exe]

TCP 192.168.1.254:2140 192.168.1.254:389 CLOSE_WAIT 3148
[tcpsvcs.exe]

TCP 127.0.0.1:4914 127.0.0.1:445 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4994 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.3:4566 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.37:4498 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:1123 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:1044 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4829 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.59:3356 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:1125 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.203:1281 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4998 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:1122 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:1041 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4828 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.39:2306 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.57:1752 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4988 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4999 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.57:1753 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.37:4499 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4962 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4996 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:1045 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.28:4920 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.59:3357 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.23:1314 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:1127 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.203:1280 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:1046 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.3:4568 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.44:4150 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.202:1227 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.44:4149 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.202:1226 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4977 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.254:4889 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.206:4633 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.23:1315 TIME_WAIT 0
TCP 192.168.1.254:1026 192.168.1.254:445 TIME_WAIT 0
TCP 192.168.1.254:1030 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1033 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1042 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1052 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:1062 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1064 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1066 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1075 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:1086 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1088 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1090 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1100 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:1110 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1112 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1114 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1120 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:1122 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:1123 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:1124 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:1125 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:1127 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:1128 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:1129 192.168.1.254:445 TIME_WAIT 0
TCP 192.168.1.254:1130 192.168.1.254:445 TIME_WAIT 0
TCP 192.168.1.254:1134 192.168.1.254:445 TIME_WAIT 0
TCP 192.168.1.254:4797 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4799 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4801 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4807 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:4822 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4824 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4826 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4830 192.168.1.254:445 TIME_WAIT 0
TCP 192.168.1.254:4832 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:4849 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4851 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4853 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4855 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:4869 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4871 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4873 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4879 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:4889 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:4890 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:4891 192.168.1.254:445 TIME_WAIT 0
TCP 192.168.1.254:4897 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4900 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4902 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4904 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:4920 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4922 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4924 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:4926 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4946 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4948 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4950 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4952 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:4963 192.168.1.254:445 TIME_WAIT 0
TCP 192.168.1.254:4969 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4971 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:4973 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:4975 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:5000 192.168.1.254:445 TIME_WAIT 0
UDP 0.0.0.0:42 *:* 2968
[wins.exe]

UDP 0.0.0.0:1029 *:* 1460
[dns.exe]

UDP 0.0.0.0:123 *:* 2212
[ntpd.exe]

UDP 0.0.0.0:4500 *:* 412
[lsass.exe]

UDP 0.0.0.0:1701 *:* 4
[Система]

UDP 0.0.0.0:500 *:* 412
[lsass.exe]

UDP 0.0.0.0:445 *:* 4
[Система]

UDP 0.0.0.0:1313 *:* 832
RemoteAccess
[svchost.exe]

UDP 0.0.0.0:20000 *:* 1360
[2XAppSrvr.exe]

UDP 0.0.0.0:1241 *:* 1268
[spoolsv.exe]

UDP 0.0.0.0:3456 *:* 1580
[inetinfo.exe]

UDP 127.0.0.1:3920 *:* 7908
[winlogon.exe]

UDP 127.0.0.1:4947 *:* 4308
[winlogon.exe]

UDP 127.0.0.1:3405 *:* 6420
[winlogon.exe]

UDP 127.0.0.1:1131 *:* 2968
[wins.exe]

UDP 127.0.0.1:1139 *:* 3148
[tcpsvcs.exe]

UDP 127.0.0.1:53 *:* 1460
[dns.exe]

UDP 127.0.0.1:1078 *:* 2160
[ntfrs.exe]

UDP 127.0.0.1:4536 *:* 9668
[winlogon.exe]

UDP 127.0.0.1:2095 *:* 832
RemoteAccess
[svchost.exe]

UDP 127.0.0.1:3456 *:* 1580
[inetinfo.exe]

UDP 127.0.0.1:1312 *:* 832
RemoteAccess
[svchost.exe]

UDP 127.0.0.1:1311 *:* 832
RemoteAccess
[svchost.exe]

UDP 127.0.0.1:1036 *:* 1460
[dns.exe]

UDP 127.0.0.1:1030 *:* 1640
[ismserv.exe]

UDP 127.0.0.1:1145 *:* 2508
[lserver.exe]

UDP 127.0.0.1:1028 *:* 1460
[dns.exe]

UDP 127.0.0.1:1283 *:* 352
[winlogon.exe]

UDP 127.0.0.1:123 *:* 2212
[ntpd.exe]

UDP 127.0.0.1:3186 *:* 1652
[llssrv.exe]

UDP 127.0.0.1:3581 *:* 5340
[winlogon.exe]

UDP 127.0.0.1:1417 *:* 1268
[spoolsv.exe]

UDP 127.0.0.1:1973 *:* 2488
TapiSrv
[svchost.exe]

UDP 127.0.0.1:4041 *:* 8032
[winlogon.exe]

UDP 127.0.0.1:1512 *:* 3188
[winlogon.exe]

UDP 127.0.0.1:1486 *:* 1412
[Dfssvc.exe]

UDP 127.0.0.1:4841 *:* 5492
[Mcshield.exe]

UDP 192.168.1.254:123 *:* 2212
[ntpd.exe]

UDP 192.168.1.254:389 *:* 412
[lsass.exe]

UDP 192.168.1.254:88 *:* 412
[lsass.exe]

UDP 192.168.1.254:137 *:* 4
[Система]

UDP 192.168.1.254:138 *:* 4
[Система]

UDP 192.168.1.254:464 *:* 412
[lsass.exe]

UDP 192.168.1.254:68 *:* 3148
[tcpsvcs.exe]

UDP 192.168.1.254:67 *:* 3148
[tcpsvcs.exe]

UDP 192.168.1.254:2535 *:* 3148
[tcpsvcs.exe]

UDP 192.168.1.254:53 *:* 1460
[dns.exe]
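
A listing of this size is easier to triage once it is reduced to "which remote endpoints does this host open connections to, and how often". The following is an added example, not part of the original post: it parses rows in the layout shown above, treats a row as outbound when the local port is not one the host itself listens on, and counts connections per remote address and port. The function names and the threshold of 3 are assumptions made for the illustration.

```python
import re
from collections import Counter

# Rows copied from the listing in the post, trimmed to a small sample for the example.
SAMPLE = """\
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 412
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 192.168.1.254:445 192.168.1.202:1228 ESTABLISHED 4
TCP 192.168.1.254:1145 192.168.1.39:445 ESTABLISHED 4
TCP 192.168.1.254:1030 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1033 192.168.1.39:445 TIME_WAIT 0
TCP 192.168.1.254:1052 192.168.3.199:445 TIME_WAIT 0
TCP 192.168.1.254:1122 192.168.1.254:389 TIME_WAIT 0
TCP 192.168.1.254:389 192.168.1.3:4566 TIME_WAIT 0
UDP 0.0.0.0:42 *:* 2968
"""

# proto, local ip:port, remote ip:port, state, PID; owner lines like "[lsass.exe]" do not match
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def outbound_summary(text):
    """Count TCP connections this host initiated, keyed by (remote_ip, remote_port)."""
    rows = [m.groups() for m in map(ROW.match, text.splitlines()) if m]
    listening = {int(lp) for _, lp, _, _, st, _ in rows if st == "LISTENING"}
    local_ips = {la for la, *_ in rows} - {"0.0.0.0"}
    counts = Counter()
    for la, lp, ra, rp, st, _ in rows:
        if st == "LISTENING":
            continue
        if ra in local_ips or ra.startswith("127."):
            continue  # host talking to itself (LDAP, RPC, loopback)
        if int(lp) in listening:
            continue  # local port is a service port: the remote side connected to us
        counts[(ra, int(rp))] += 1  # TIME_WAIT rows count too: recently closed connections
    return counts

def flag(counts, threshold=3):
    """Remote endpoints contacted at least `threshold` times (threshold is an assumption)."""
    return sorted(k for k, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    summary = outbound_summary(SAMPLE)
    for (ip, port), n in summary.most_common():
        print(f"{ip}:{port}  {n}")
    print("repeated targets:", flag(summary))
```

Comparing the same summary across several captures taken a minute apart shows whether the set of remote hosts is stable (a few file servers or printers) or keeps changing.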


The Ru-Board.club forum was brought up on 15-09-2016. The goal is to preserve the legacy of the old Ru-Board and the history of how the Russian internet took shape. Made for people.