Platform: x64 Windows Server 2012 R2 (Server Standard), 6.3.9600.18734, Service
Elevated: Yes
Ran by: Administrator (group: Administrator) on VPS1433661, FirstRun: yes
Internet Explorer: 11.0.9600.18123
Default: "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Internet Explorer)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Plesk\DrWeb\DrWebCom.exe
1 C:\Program Files (x86)\Plesk\DrWeb\drwebupw.exe
1 C:\Program Files (x86)\Plesk\Mail Servers\Mail Enable\Bin\METray.exe
1 C:\Program Files (x86)\Plesk\MySQL\bin\mysqld.exe
1 C:\Program Files (x86)\Plesk\admin\bin\PopPassD.exe
1 C:\Program Files (x86)\Plesk\admin\bin\plesksrv.exe
1 C:\Program Files (x86)\Plesk\admin\bin\runtask.exe
1 C:\Program Files (x86)\Plesk\admin\bin\traymonitor.exe
1 C:\Program Files (x86)\Plesk\admin\engine\php-cgi.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Qemu-ga\RebootNotifier.exe
1 C:\Program Files\Qemu-ga\VzGuestToolsMonitor.exe
1 C:\Users\Administrator\Desktop\HiJackThis\HiJackThis_v2.8.0.4.exe
1 C:\Windows\SysWOW64\inetsrv\w3wp.exe
1 C:\Windows\System32\LogonUI.exe
1 C:\Windows\System32\MSLicenseAgent.exe
1 C:\Windows\System32\Taskmgr.exe
1 C:\Windows\System32\cmd.exe
2 C:\Windows\System32\conhost.exe
3 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dns.exe
2 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\inetsrv\w3wp.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\msdtc.exe
1 C:\Windows\System32\rdpclip.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
15 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhostex.exe
1 C:\Windows\System32\wbem\WMIADAP.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
2 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wuauclt.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe
1 C:\Windows\splwow64.exe
R3 - HKU\S-1-5-21-3074485395-986531370-3921333289-1002: Default URLSearchHook is missing
R3 - HKU\S-1-5-80-3886227111-2492246244-3390245727-1063935317-1770056717: Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 mewebmail.localhost
O1 - Hosts: 127.0.0.1 meprotocols.localhost
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Plesk Services Monitor.lnk -> C:\Program Files (x86)\Plesk\admin\bin\traymonitor.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [VzRebootNotifier] = c:\Program Files\Qemu-ga\RebootNotifier.exe
O4 - HKLM\..\Session Manager: [BootExecute] = C:\Windows\system32\autochk.exe /q /v *
O4-32 - HKLM\..\Run: [METray] = C:\Program Files (x86)\Plesk\Mail Servers\Mail Enable\BIN\METray.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O15 - ESC Trusted Zone: http://api.chip-secured-download.de
O15 - ESC Trusted Zone: http://www.bing.com
O15 - ProtocolDefaults: HKU\S-1-5-80-3886227111-2492246244-3390245727-1063935317-1770056717 - [@ivt] protocol is in Unknown Zone, should be Intranet Zone(User: 'PleskSQLServer')
O15 - ProtocolDefaults: HKU\S-1-5-80-3886227111-2492246244-3390245727-1063935317-1770056717 - [file] protocol is in Unknown Zone, should be Internet Zone(User: 'PleskSQLServer')
O15 - ProtocolDefaults: HKU\S-1-5-80-3886227111-2492246244-3390245727-1063935317-1770056717 - [ftp] protocol is in Unknown Zone, should be Internet Zone(User: 'PleskSQLServer')
O15 - ProtocolDefaults: HKU\S-1-5-80-3886227111-2492246244-3390245727-1063935317-1770056717 - [http] protocol is in Unknown Zone, should be Internet Zone(User: 'PleskSQLServer')
O15 - ProtocolDefaults: HKU\S-1-5-80-3886227111-2492246244-3390245727-1063935317-1770056717 - [https] protocol is in Unknown Zone, should be Internet Zone(User: 'PleskSQLServer')
O15 - ProtocolDefaults: HKU\S-1-5-80-3886227111-2492246244-3390245727-1063935317-1770056717 - [knownfolder] protocol is in Unknown Zone, should be My Computer Zone(User: 'PleskSQLServer')
O15 - ProtocolDefaults: HKU\S-1-5-80-3886227111-2492246244-3390245727-1063935317-1770056717 - [shell] protocol is in Unknown Zone, should be My Computer Zone(User: 'PleskSQLServer')
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C06F49C-40F3-4C32-8BC2-B50A8C80DF52}: [NameServer] = 62.141.32.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C06F49C-40F3-4C32-8BC2-B50A8C80DF52}: [NameServer] = 62.141.32.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C06F49C-40F3-4C32-8BC2-B50A8C80DF52}: [NameServer] = 62.141.32.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [Domain] = vs.webtropia-customer.com
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7C06F49C-40F3-4C32-8BC2-B50A8C80DF52}: [NameServer] = 62.141.32.3
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7C06F49C-40F3-4C32-8BC2-B50A8C80DF52}: [NameServer] = 62.141.32.4
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7C06F49C-40F3-4C32-8BC2-B50A8C80DF52}: [NameServer] = 62.141.32.5
O17 - HKLM\System\ControlSet002\Services\Tcpip\Parameters: [Domain] = vs.webtropia-customer.com
O22 - Task (Job): (Ready) Backup of vital Plesk settings.job - C:\Program Files (x86)\Plesk\admin\bin\sshost.exe --settings-backup
O22 - Task (Job): (Ready) Plesk Scheduler Task #7166d7ad83e32f92a816d56773a3983f.job - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\/admin/engine/php.exe" "--parameters=-dauto_prepend_file=sdk.php \"C:\Program Files ^(x86^)\Plesk\admin\plib\modules\wp-toolkit\scripts\maintenance.php\"""
O22 - Task (Job): (Ready) Plesk Scheduler Task #dd4bd6cdee3d0a74ba38050cb8e82647.job - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\/admin/engine/php.exe" "--parameters=-dauto_prepend_file=sdk.php \"C:\Program Files ^(x86^)\Plesk\admin\plib\modules\wp-toolkit\scripts\instances-auto-update.php\"""
O22 - Task (Job): (Ready) Plesk Scheduler Task #fe21522a32d7fa693d93311b0d51c0ea.job - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\/admin/engine/php.exe" "--parameters=-dauto_prepend_file=sdk.php \"C:\Program Files ^(x86^)\Plesk\admin\plib\modules\letsencrypt\scripts\keep-secured.php\"""
O22 - Task (Job): (Ready) Plesk Scheduler Task #{712D7996-58AA-4a36-B64D-1809F3794A21}.job - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" --defaultmail "--application=C:\Program Files (x86)\Plesk\admin\engine\php.exe" "--parameters=-q \"C:\Program Files ^(x86^)\Plesk\admin\plib\DailyMaintainance\script.php\"""
O22 - Task (Job): (Ready) Plesk Scheduler Task #{7F9CD2FC-8C81-4f3c-AE0B-BB8C9BA560A7}.job - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\admin\engine\php.exe" "--parameters=-q \"C:\Program Files ^(x86^)\Plesk\admin\plib\DailyMaintainance\script.php\" monthly""
O22 - Task (Job): (Ready) Plesk Scheduler Task #{99254CDC-8EA7-49ee-8A49-FC2A169843B7}.job - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\admin\engine\php.exe" "--parameters=-q \"C:\Program Files ^(x86^)\Plesk\admin\plib\DailyMaintainance\script.php\" weekly""
O22 - Task (Job): (Ready) Plesk Scheduler Task #{9b734460-76dc-44ce-8ead-f2a6f19a707e}.job - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" --defaultmail "--application=C:\Program Files (x86)\Plesk\admin\bin\web_statistics_executor.exe" "--parameters=""
O22 - Task (Job): (Ready) Rotation of Plesk admin logs.job - C:\Program Files (x86)\Plesk\admin\bin\sshost.exe --rotate-plesk-logs
O22 - Task (Job): (Running) Plesk Scheduler Task #C6586631-C086-43FE-9B96-BA28E52FDCD6.job - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=\"C:\Program Files ^(x86^)\Plesk\DrWeb\drwebupw.exe\"" "--parameters= /GO /ST \"/RPC:\Program Files ^(x86^)\Plesk\DrWeb\DrWebUpW.log\" \"/DIR:C:\Program Files ^(x86^)\Plesk\DrWeb\\\"""
O22 - Task: (disabled) \Microsoft\Windows\PLA\Server Manager Performance Monitor - C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
O22 - Task: (disabled) \Microsoft\Windows\Software Inventory Logging\Collection - C:\Windows\system32\cmd.exe /d /c C:\Windows\system32\silcollector.cmd publish
O22 - Task: (disabled) \Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - C:\Windows\system32\defrag.exe -c -h -g -# (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe C:\Windows\system32\invagent.dll,RunUpdate
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant - C:\Windows\system32\ceipdata.exe -id 1 (Microsoft)
O22 - Task: Backup of vital Plesk settings - C:\Program Files (x86)\Plesk\admin\bin\sshost.exe --settings-backup
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: MS License Agent - C:\Windows\System32\MSLicenseAgent.exe
O22 - Task: MS License Agent Startup - C:\Windows\System32\MSLicenseAgent.exe
O22 - Task: Plesk Scheduler Task #7166d7ad83e32f92a816d56773a3983f - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\/admin/engine/php.exe" "--parameters=-dauto_prepend_file=sdk.php \"C:\Program Files ^(x86^)\Plesk\admin\plib\modules\wp-toolkit\scripts\maintenance.php\"""
O22 - Task: Plesk Scheduler Task #C6586631-C086-43FE-9B96-BA28E52FDCD6 - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=\"C:\Program Files ^(x86^)\Plesk\DrWeb\drwebupw.exe\"" "--parameters= /GO /ST \"/RPC:\Program Files ^(x86^)\Plesk\DrWeb\DrWebUpW.log\" \"/DIR:C:\Program Files ^(x86^)\Plesk\DrWeb\\\"""
O22 - Task: Plesk Scheduler Task #dd4bd6cdee3d0a74ba38050cb8e82647 - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\/admin/engine/php.exe" "--parameters=-dauto_prepend_file=sdk.php \"C:\Program Files ^(x86^)\Plesk\admin\plib\modules\wp-toolkit\scripts\instances-auto-update.php\"""
O22 - Task: Plesk Scheduler Task #fe21522a32d7fa693d93311b0d51c0ea - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\/admin/engine/php.exe" "--parameters=-dauto_prepend_file=sdk.php \"C:\Program Files ^(x86^)\Plesk\admin\plib\modules\letsencrypt\scripts\keep-secured.php\"""
O22 - Task: Plesk Scheduler Task #{712D7996-58AA-4a36-B64D-1809F3794A21} - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" --defaultmail "--application=C:\Program Files (x86)\Plesk\admin\engine\php.exe" "--parameters=-q \"C:\Program Files ^(x86^)\Plesk\admin\plib\DailyMaintainance\script.php\"""
O22 - Task: Plesk Scheduler Task #{7F9CD2FC-8C81-4f3c-AE0B-BB8C9BA560A7} - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\admin\engine\php.exe" "--parameters=-q \"C:\Program Files ^(x86^)\Plesk\admin\plib\DailyMaintainance\script.php\" monthly""
O22 - Task: Plesk Scheduler Task #{99254CDC-8EA7-49ee-8A49-FC2A169843B7} - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" "--application=C:\Program Files (x86)\Plesk\admin\engine\php.exe" "--parameters=-q \"C:\Program Files ^(x86^)\Plesk\admin\plib\DailyMaintainance\script.php\" weekly""
O22 - Task: Plesk Scheduler Task #{9b734460-76dc-44ce-8ead-f2a6f19a707e} - C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plesk\admin\bin\runtask.exe" --defaultmail "--application=C:\Program Files (x86)\Plesk\admin\bin\web_statistics_executor.exe" "--parameters=""
O22 - Task: Rotation of Plesk admin logs - C:\Program Files (x86)\Plesk\admin\bin\sshost.exe --rotate-plesk-logs
O22 - Task: \Microsoft\Windows\Defrag\ScheduledDefrag - C:\Windows\system32\defrag.exe -c -h -k -g -$ (Microsoft)
O22 - Task: \Microsoft\Windows\Server Manager\CleanupOldPerfLogs - C:\Windows\system32\cscript.exe /B /nologo C:\Windows\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2) (Microsoft)
O22 - Task: \Microsoft\Windows\Server Manager\ServerManager - C:\Windows\system32\ServerManagerLauncher.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Software Inventory Logging\Configuration - C:\Windows\system32\cmd.exe /d /c C:\Windows\system32\silcollector.cmd configure
O22 - Task: \Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization - {5C9AB547-345D-4175-9AF6-65133463A100} - C:\Windows\system32\TieringEngineService.exe (Microsoft)
O23 - Service R2: DrWebCom - C:\Program Files (x86)\Plesk\DrWeb\drwebcom.exe
O23 - Service R2: Plesk Management Service - (plesksrv) - C:\Program Files (x86)\Plesk\admin\bin\plesksrv.exe -run
O23 - Service R2: Plesk PopPass Service - (PopPassD) - C:\Program Files (x86)\Plesk\admin\bin\PopPassD.exe -run
O23 - Service R2: Plesk SQL Server - (PleskSQLServer) - C:\Program Files (x86)\Plesk\MySQL\bin\mysqld.exe --defaults-file="C:\Program Files (x86)\Plesk\MySQL\my.ini" PleskSQLServer
O23 - Service R2: Virtuozzo Guest Tools Updater - (VzGuestToolsMonitor) - c:\Program Files\Qemu-ga\VzGuestToolsMonitor.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc