1hqup.exe (1hqup) Trojan Virus File Removal

Danger 1hqup.exe is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe.

Type: Trojan Virus (Click Here To Learn More)
Location: C:\1hqup.exe (Click Here To Learn How To Locate)
Risk Level: Moderate (Learn More About Risk Levels)

1hqup.exe has been identified as a computer virus. The file is generally bundled with another trojan virus, herss.exe, and additional files which include cvasds0.dll, cvasds1.dll, and cvasds2.dll.

Below is our recommended removal tool for 1hqup.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

download

View Information On Herss.exe

Manual Removal – 1hqup.exe may be removed through analyzing your HijackThis log. Feel free to post your hijackthis log below if you need assistance analyzing it. Hijackthis will be ideal to manually remove the virus

Click Here To Learn About HijackThis. To download HijackThis, please click HERE.

1hqup.exe File Details -
File Type – EXE – 1hqup.exe is a executable file
First Identified – February 1 2024

Common Questions -
1. How did I get this computer virus? (Click Here To View)
2. What common symptoms show that my computer may be infected? (Click Here To View)
3. How can I check if 1hqup.exe is a computer virus? (Click Here To View)
4. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

We recommend that you follow our safety tips so that you can keep your computer clean. Please click here to view our safety tips.

Please post comments below. Your comments are both useful to visitors and to us.

Posted in: Malware Removal

This entry was posted on Tuesday, February 2nd, 2024 at 4:56 am and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “1hqup.exe (1hqup) Trojan Virus File Removal”

Chris March 24th, 2024 at 10:44 am

Please help me analyzing my HijackThis-Logfile!
What should I do next??

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:40:28, on 24.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Spybot – Search & Destroy\TeaTimer.exe
C:\Programme\Mozilla Firefox\firefox.exe
c:\programme\avira\antivir desktop\avscan.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.tagesschau.de/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 – BHO: HP Print Enhancer – {0347C33E-8762-4905-BF09-768834316C61} – C:\Programme\HP\Digital Imaging\Smart

Web Printing\hpswp_printenhancer.dll
O2 – BHO: Adobe PDF Reader – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Programme\Gemeinsame

Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Skype add-on (mastermind) – {22BF413B-C6D2-4d91-82A9-A0F997BA588C} –

C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Programme\Google\Google

Toolbar\GoogleToolbar_32.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} –

C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 – BHO: PDFCreator Toolbar Helper – {C451C08A-EC37-45DF-AAAD-18B51AB5E837} – C:\Programme\PDFCreator

Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} –

C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} –

C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: HP Smart BHO Class – {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} – C:\Programme\HP\Digital Imaging\Smart

Web Printing\hpswp_BHO.dll
O3 – Toolbar: PDFCreator Toolbar – {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} – C:\Programme\PDFCreator

Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Programme\Google\Google

Toolbar\GoogleToolbar_32.dll
O4 – HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [LaunchAp] “C:\Programme\Launch Manager\LaunchAp.exe”
O4 – HKLM\..\Run: [CtrlVol] “C:\Programme\Launch Manager\CtrlVol.exe”
O4 – HKLM\..\Run: [LMgrOSD] “C:\Programme\Launch Manager\OSD.exe”
O4 – HKLM\..\Run: [Wbutton] “C:\Programme\Launch Manager\Wbutton.exe”
O4 – HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [IntelZeroConfig] “C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe”
O4 – HKLM\..\Run: [IntelWireless] “C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [HotkeyApp] “C:\Programme\Launch Manager\HotkeyApp.exe”
O4 – HKLM\..\Run: [LanguageShortcut] “C:\Programme\Home Cinema\PowerDVD\Language\Language.exe”
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [LogitechCommunicationsManager] “C:\Programme\Gemeinsame

Dateien\LogiShrd\LComMgr\Communications_Helper.exe”
O4 – HKLM\..\Run: [LogitechQuickCamRibbon] “C:\Programme\Logitech\QuickCam\Quickcam.exe” /hide
O4 – HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Programme\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [avgnt] “C:\Programme\Avira\AntiVir Desktop\avgnt.exe” /min
O4 – HKLM\..\Run: [QuickTime Task] “C:\Programme\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [iTunesHelper] “C:\Programme\iTunes\iTunesHelper.exe”
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Programme\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [swg] “C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 – HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 – HKCU\..\Run: [cdoosoft] C:\DOKUME~1\moi\LOKALE~1\Temp\herss.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOKALER DIENST’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETZWERKDIENST’)
O4 – HKUS\S-1-5-21-344604442-4086710368-3439064695-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

(User ‘Administrator’)
O4 – HKUS\S-1-5-21-344604442-4086710368-3439064695-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

(User ‘Gast’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 – Extra context menu item: Nach Microsoft &Excel exportieren –

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {5067A26B-1337-4436-8AFE-EE169C2DA79F} – C:\Programme\Skype\Toolbars\Internet

Explorer\SkypeIEPlugin.dll
O9 – Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer – {5067A26B-1337-4436-8AFE-EE169C2DA79F} –

C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra button: Skype – {77BF5300-1474-4EC7-9980-D32B190E9B07} – C:\Programme\Skype\Toolbars\Internet

Explorer\SkypeIEPlugin.dll
O9 – Extra button: Recherchieren – {92780B25-18CC-41C8-B9BE-3C9C571A8263} –

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 – Extra button: HP Intelligente Auswahl – {DDE87865-83C5-48c4-8357-2F5B1AA84522} – C:\Programme\HP\Digital

Imaging\Smart Web Printing\hpswp_BHO.dll
O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra ‘Tools’ menuitem: Spybot – Search & Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} –

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programme\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} –

C:\Programme\Messenger\msmsgs.exe
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) –

https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163614636698
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} –

C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} –

C:\WINDOWS\system32\browseui.dll
O23 – Service: Avira AntiVir Planer (AntiVirSchedulerService) – Avira GmbH – C:\Programme\Avira\AntiVir

Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Programme\Avira\AntiVir

Desktop\avguard.exe
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Programme\Gemeinsame Dateien\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 – Service: Bonjour-Dienst (Bonjour Service) – Apple Inc. – C:\Programme\Bonjour\mDNSResponder.exe
O23 – Service: Crypkey License – Kenonic Controls Ltd. – C:\WINDOWS\SYSTEM32\crypserv.exe
O23 – Service: Cisco Systems, Inc. VPN Service (CVPND) – Cisco Systems, Inc. – C:\Programme\Cisco Systems\VPN

Client\cvpnd.exe
O23 – Service: Intel(R) PROSet/Wireless Event Log (EvtEng) – Intel Corporation –

C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 – Service: getPlus(R) Helper – NOS Microsystems Ltd. – C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. –

C:\Programme\Google\Update\GoogleUpdate.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Programme\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Programme\Gemeinsame

Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod-Dienst (iPod Service) – Apple Inc. – C:\Programme\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. –

C:\Programme\Java\jre6\bin\jqs.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company –

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 – Service: LVCOMSer – Logitech Inc. – C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 – Service: Process Monitor (LVPrcSrv) – Logitech Inc. – C:\Programme\Gemeinsame

Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) – Intel Corporation –

C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 – Service: Cyberlink RichVideo Service(CRVS) (RichVideo) – Unknown owner – C:\Programme\CyberLink\Shared

Files\RichVideo.exe
O23 – Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) – Intel Corporation –

C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 – Service: Sceneo PVR Service (srvcPVR) – Buhl Data Service GmbH –

C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 – Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) – TuneUp Software GmbH –

C:\WINDOWS\System32\TuneUpDefragService.exe
O23 – Service: X10 Device Network Service (x10nets) – X10 – C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


End of file – 13078 bytes

Leave a Reply