darren daye
10-07-2008, 09:34
Hi everyone, I have a very urgent problem with one blade of an IBM blade server running Windows 2003 Server R2.
For several days it has been shutting down by itself after a certain amount of time (usually at 10/11 pm and three times in the morning, an hour apart). IBM support has already intervened, replacing the motherboard, the RAM and the CPU, but to no avail.
I have tried running many antivirus scans (the server already has Sophos installed anyway), but without result. The server is on a UPS and reports no temperature warnings (the server room is at about 18 degrees anyway).
You'll understand that with 100 users connected (the server in question handles network shares and mail), I'm having a rather hard time.
I'm attaching the scan I ran with HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.27.52, on 10/07/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IBMIASRW.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Lotus\Domino\nservice.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Lotus\Domino\nSERVER.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\nfsclnt.exe
C:\WINDOWS\system32\Dfsr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mapsvc.exe
C:\WINDOWS\system32\nfssvc.exe
C:\Lotus\Domino\nevent.EXE
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Server\bin\vmware-vmx.exe
C:\Lotus\Domino\nUpdate.EXE
C:\Lotus\Domino\nReplica.EXE
C:\Lotus\Domino\nRouter.EXE
C:\Lotus\Domino\nAMgr.EXE
C:\Lotus\Domino\nAdminP.EXE
C:\Lotus\Domino\nCalConn.EXE
C:\Lotus\Domino\nSched.EXE
C:\Lotus\Domino\namgr.EXE
C:\Lotus\Domino\nmtc.EXE
C:\Lotus\Domino\nCldbdir.EXE
C:\Lotus\Domino\nClrepl.EXE
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\administrator.HUTCHINSON_Y2K\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.32.12.201:8009
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.corp.local;*.enxo.org;*.hutchinson.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [VxBeMon] "C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O15 - ESC Trusted Zone: http://groups.google.it
O15 - ESC Trusted Zone: http://www.google.it
O15 - ESC Trusted Zone: http://h20000.www2.hp.com
O15 - ESC Trusted Zone: http://h20180.www2.hp.com
O15 - ESC Trusted Zone: http://welcome.hp.com
O15 - ESC Trusted Zone: http://www.hp.com
O15 - ESC Trusted Zone: http://www.ibm.com
O15 - ESC Trusted Zone: http://www-03.ibm.com
O15 - ESC Trusted Zone: http://www-1.ibm.com
O15 - ESC Trusted Zone: http://www-304.ibm.com
O15 - ESC Trusted Zone: http://www.sinfo.it
O15 - ESC Trusted IP range: http://10.35.178.16
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...b?1188391592727
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://www.sinfo.it/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Hutchinson.y2k
O17 - HKLM\Software\..\Telephony: DomainName = Hutchinson.y2k
O17 - HKLM\System\CCS\Services\Tcpip\..\{2335F7D0-E36A-4E64-828C-57D2C7AB6CD0}: Domain = rivo.hut.chem.corp.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2335F7D0-E36A-4E64-828C-57D2C7AB6CD0}: NameServer = 10.35.178.15,10.35.178.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Hutchinson.y2k
O17 - HKLM\System\CS1\Services\Tcpip\..\{2335F7D0-E36A-4E64-828C-57D2C7AB6CD0}: Domain = rivo.hut.chem.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{2335F7D0-E36A-4E64-828C-57D2C7AB6CD0}: NameServer = 10.35.178.15,10.35.178.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Hutchinson.y2k
O17 - HKLM\System\CS2\Services\Tcpip\..\{2335F7D0-E36A-4E64-828C-57D2C7AB6CD0}: Domain = rivo.hut.chem.corp.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{2335F7D0-E36A-4E64-828C-57D2C7AB6CD0}: NameServer = 10.35.178.15,10.35.178.10
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
O23 - Service: IBM Automatic Server Restart Service for IPMI (ibms6asr) - IBM Corporation - C:\WINDOWS\system32\IBMIASRW.EXE
O23 - Service: Lotus Domino Server (ARIVOSMM02) - IBM Corp - C:\Lotus\Domino\nservice.exe
O23 - Service: Crea report sullo stato di Sophos Anti-Virus (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 7957 bytes
Can you help me understand the problem?
Thanks, everyone.
Carlo