Depends on what system but regardless of this you should disconnect the server from the network ASAP. If you keep the server online you risk having other (trusted) servers being hacked or damaged too, and besides it helps doing forensics on a hacked server when it's offline.
For Windows you can try software like Spyware Doctor (sp?) or Avast which can detect most virus, trojans etc. But I'm no windows expert so there might be better ways...
For Linux/Unix, try something like chkrootkit or rkhunter. Don't trust commands such as "ps" or "top" because a hacked server could have fake replacements. The easiest is to boot from a cd such as Knoppix and then scan your hardrive from there.
I recommend you rebuild the server from scratch (as in re-format and reinstall OS etc) and then prepare it with some IDS tools and set up a nice firewall or two before putting it online again. IDS=intrusion detection tools. You can google for all these things.
Make sure you keep your server up-to-date with the latest security patches..this is an ongoing thing so don't just leave your serverrunning without updating it.
High server loads might just be a busy server. The portscanning does not sound good but are you sure it was coming from your server and not directed at it?
As posted above rkhunter is a really good way to do a quick check to see if your system has been penetrated. Please note that simply because rkhunter shows you are all clean does not necessarily mean you are! It is possible to not have something show up. I would run it first though and see what happens.
John W, CISSP, C|EH
MS Information Security and Assurance ITEagleEye.com - Server Administration and Security Yawig.com - Managed VPS and Dedicated Servers with VIP Service
your server may not be root compromised which is hwy the rootkit checkers are coming up negative, instead you could have an php script that was exploited and allowing an attacker to run portscaning/ssh bruteforce binarys/scripts though the apache user.
Steven Ciaburri | Industry's Best Server Management- Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance