Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 4.74%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.05%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.22%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.00%
6.2.9200.16384 (win8_rtm.120725-1247) 0.81%
6.2.9200.16384 (win8_rtm.120725-1247) 0.82%
6.2.9200.16384 (win8_rtm.120725-1247) 1.70%
6.2.9200.16384 (win8_rtm.120725-1247) 13.81%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.05%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.05%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.00%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 22.55%
6.1.7600.16385 (win7_rtm.090713-1255) 38.30%
6.1.7600.16385 (win7_rtm.090713-1255) 0.00%
6.1.7600.16385 (win7_rtm.090713-1255) 1.62%
6.1.7600.16385 (win7_rtm.090713-1255) 0.00%
6.1.7600.16385 (win7_rtm.090713-1255) 0.00%
6.1.7600.16385 (win7_rtm.090713-1255) 0.23%
6.0.6000.16386 (vista_rtm.061101-2205) 5.56%
6.0.6000.16386 (vista_rtm.061101-2205) 1.21%
6.0.6000.16386 (vista_rtm.061101-2205) 0.32%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.00%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.02%
5.1.2600.5689 (xpsp_sp3_qfe.081003-1407) 0.09%
View more

Relationships

Parent process
Child processes
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
GetTokenInformation, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetEntriesInAclW, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherW, RegDisablePredefinedCacheEx, EventRegister, EventEnabled, EventWrite, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegisterServiceCtrlHandlerW, SetServiceStatus, OpenProcessToken
api-ms-win-core-crt-l1-1-0.dll
memcmp, memcpy, _except_handler4_common
api-ms-win-core-crt-l2-1-0.dll
exit, _initterm, _initterm_e, __wgetmainargs
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-0.dll
SetErrorMode, GetLastError, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
GetLastError, SetErrorMode, UnhandledExceptionFilter, SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapAlloc, GetProcessHeap, HeapSetInformation, HeapFree
api-ms-win-core-heap-l1-2-0.dll
GetProcessHeap, HeapAlloc, HeapSetInformation, HeapFree
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalFree, LocalAlloc
api-ms-win-core-libraryloader-l1-1-1.dll
LoadLibraryExW, GetProcAddress, FreeLibrary
api-ms-win-core-libraryloader-l1-2-0.dll
FreeLibrary, GetProcAddress, LoadLibraryExW
api-ms-win-core-localization-l1-1-1.dll
LCMapStringW
api-ms-win-core-localization-l1-2-0.dll
LCMapStringW
api-ms-win-core-localization-l1-2-1.dll
LCMapStringW
api-ms-win-core-processenvironment-l1-1-0.dll
ExpandEnvironmentStringsW, GetCommandLineW
api-ms-win-core-processenvironment-l1-1-1.dll
ExpandEnvironmentStringsW, GetCommandLineW
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW, GetCommandLineW
api-ms-win-core-processthreads-l1-1-0.dll
TerminateProcess, GetCurrentProcess, OpenProcessToken, GetCurrentProcessId, GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-1.dll
ExitProcess, SetProcessAffinityUpdateMode, OpenProcessToken, TerminateProcess, GetCurrentThreadId, GetCurrentProcess, GetCurrentProcessId, IsProcessorFeaturePresent
api-ms-win-core-processthreads-l1-1-2.dll
SetProcessAffinityUpdateMode, OpenProcessToken, GetCurrentThreadId, ExitProcess, GetCurrentProcess, TerminateProcess, GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegOpenKeyExW, RegQueryValueExW, RegDisablePredefinedCacheEx, RegCloseKey, RegGetValueW
api-ms-win-core-sidebyside-l1-1-0.dll
DeactivateActCtx, ReleaseActCtx, ActivateActCtx, CreateActCtxW
api-ms-win-core-string-l1-1-0.dll
CompareStringW, WideCharToMultiByte
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpiW, lstrlenW, lstrcmpW
api-ms-win-core-synch-l1-1-1.dll
InitializeSRWLock, AcquireSRWLockShared, EnterCriticalSection, LeaveCriticalSection, ReleaseSRWLockShared, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, InitializeCriticalSection
api-ms-win-core-synch-l1-2-0.dll
AcquireSRWLockShared, InitializeSRWLock, AcquireSRWLockExclusive, EnterCriticalSection, LeaveCriticalSection, ReleaseSRWLockExclusive, ReleaseSRWLockShared
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-1.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-threadpool-l1-1-1.dll
RegisterWaitForSingleObjectEx
api-ms-win-core-threadpool-private-l1-1-0.dll
RegisterWaitForSingleObjectEx
api-ms-win-obsolete-kernelbase-l1-1-0.dll
lstrcmpW, lstrlenW, LocalAlloc, lstrcmpiW, LocalFree
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, AddAccessAllowedAce, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetTokenInformation, InitializeSecurityDescriptor, GetLengthSid, InitializeAcl
api-ms-win-security-base-l1-2-0.dll
GetLengthSid, InitializeAcl, InitializeSecurityDescriptor, GetTokenInformation, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, AddAccessAllowedAce, SetSecurityDescriptorDacl
api-ms-win-service-core-l1-1-0.dll
StartServiceCtrlDispatcherW, SetServiceStatus
api-ms-win-service-core-l1-1-1.dll
SetServiceStatus, StartServiceCtrlDispatcherW
api-ms-win-service-winsvc-l1-1-0.dll
RegisterServiceCtrlHandlerW
api-ms-win-service-winsvc-l1-2-0.dll
RegisterServiceCtrlHandlerW
kernel32.dll
LocalAlloc, CloseHandle, DelayLoadFailureHook, GetProcAddress, GetLastError, FreeLibrary, InterlockedCompareExchange, LoadLibraryExA, InterlockedExchange, Sleep, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, UnhandledExceptionFilter, DeactivateActCtx, LoadLibraryExW, ActivateActCtx, LeaveCriticalSection, lstrcmpW, EnterCriticalSection, RegCloseKey, RegOpenKeyExW, HeapSetInformation, lstrcmpiW, lstrlenW, LCMapStringW, RegQueryValueExW, ReleaseActCtx, CreateActCtxW, ExpandEnvironmentStringsW, GetCommandLineW, ExitProcess, SetProcessAffinityUpdateMode, RegDisablePredefinedCacheEx, InitializeCriticalSection, GetProcessHeap, SetErrorMode, RegisterWaitForSingleObjectEx, LocalFree, HeapFree, WideCharToMultiByte, HeapAlloc, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess, GetCurrentProcess, RegisterWaitForSingleObject, LoadLibraryA, ReleaseSRWLockShared, AcquireSRWLockShared, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive
msvcrt.dll
DllMain
ntdll.dll
RtlAllocateHeap, RtlLengthRequiredSid, RtlSubAuthoritySid, RtlInitializeSid, RtlCopySid, RtlSubAuthorityCountSid, RtlInitializeCriticalSection, RtlSetProcessIsCritical, RtlImageNtHeader, RtlUnhandledExceptionFilter, EtwEventWrite, EtwEventEnabled, EtwEventRegister, RtlFreeHeap, NtSetInformationProcess
rpcrt4.dll
RpcMgmtSetServerStackSize, I_RpcMapWin32Status, RpcServerUnregisterIf, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIfEx, RpcServerRegisterIf, RpcServerUseProtseqEpW, RpcServerListen, I_RpcServerDisableExceptionFilter

svchost.exe

Host Process for Windows Services by Microsoft Corporation (Signed)

Remove svchost.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   6f68f63794097e54f36474ed4384b759
SHA1:   5e185df5c89365a5e6728e08557c5b1d13dbbe07
SHA256:   745e45b1e868c395c033c3178b423d2be121da0abbf859553adf1a7d383099b7
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is svchost.exe?

Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.

Overview

svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows 7 and is compiled as a 64 bit program.

DetailsDetails

File name:svchost.exe
Publisher:Microsoft Corporation
Product name:Host Process for Windows Services
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\svchost.exe
Original name:svchost.exe.mui
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:27 KB (27,648 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Friday, June 13, 2014
Digital DNA
Entropy:5.878473
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
This is the shared Service Host controller that runs some of the following shared services:
  • Service name 'QQPCFixSvc'
  • Service name 'Журнал событий Windows'
Drivers
  • SDGame
  • WinDefend
  • 1394hub
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
  • [TCP] 223.202.36.53:80
  • [TCP] a88-221-92-80.deploy.akamaitechnologies.com (88.221.92.80:80)
  • [TCP] 194-79-68-18.static.net.novis.pt (194.79.68.18:80)
  • [UDP] listens on port 61363
  • [UDP] listens on port 54170
  • [UDP] listens on port 65459
  • [UDP] listens on port 5355
  • [UDP] listens on port 57254
  • [UDP] listens on port 62650
  • [UDP] listens on port 63198
  • [UDP] listens on port 123
  • [UDP] listens on port 68
  • [UDP] listens on port 4500
  • [UDP] listens on port 50641
  • [UDP] listens on port 58515
  • [UDP] listens on port 63306
  • [UDP] listens on port 61753
  • [UDP] listens on port 59501
  • [UDP] listens on port 49167
  • [UDP] listens on port 49998
  • [UDP] listens on port 55770

  • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00223215%
    0.028634%
    Kernel CPU:0.00092621%
    0.013761%
    User CPU:0.00130594%
    0.014873%
    Kernel CPU time:88,809,847 ms/min
    100,923,805ms/min
    CPU cycles:2,046,044/sec
    17,470,203/sec
    Context switches:110/sec
    284/sec
    Memory
    Private memory:25.13 MB
    21.59 MB
    Private (maximum):45.29 MB
    Private (minimum):14.56 MB
    Non-paged memory:25.13 MB
    21.59 MB
    Virtual memory:145.53 MB
    140.96 MB
    Virtual memory (peak):156.03 MB
    169.69 MB
    Working set:23.26 MB
    18.61 MB
    Working set (peak):81.64 MB
    37.95 MB
    Page faults:1,076,806/min
    2,039/min
    I/O
    I/O read transfer:61.37 KB/sec
    1.02 MB/min
    I/O read operations:15/sec
    343/min
    I/O write transfer:19.59 KB/sec
    274.99 KB/min
    I/O write operations:6/sec
    227/min
    I/O other transfer:2.71 MB/sec
    448.09 KB/min
    I/O other operations:264/sec
    1,671/min
    Resource allocations
    Threads:16
    12
    Handles:453
    600

    BehaviorsProcess properties

    Integrety level:System
    Platform:64-bit
    Command lines:
    • C:\Windows\System32\svchost.exe -k localsystemnetworkrestricted
    • C:\Windows\System32\svchost.exe -k rpcss
    • C:\Windows\System32\svchost.exe -k localservice
    • C:\Windows\System32\svchost.exe -k localserviceandnoimpersonation
    • C:\Windows\System32\svchost.exe -k networkservice
    • C:\Windows\System32\svchost.exe -k localservicenonetwork
    • C:\Windows\System32\svchost.exe -k dcomlaunch
    • (28 more)
    Owner:LOCAL SERVICE
    Parent process:services.exe (Services and Controller app by Microsoft)

    ResourcesThreads

    Averages
     
    sdengin2.dll (Microsoft Windows Backup Engine by Microsoft)
    Total CPU:0.40164921%
    0.272967%
    Kernel CPU:0.33017928%
    0.107585%
    User CPU:0.07146993%
    0.165382%
    CPU cycles:8,876,418/sec
    5,741,424/sec
    Context switches:2/sec
    79/sec
    Memory:1.08 MB
    1.16 MB
    wbemcore.dll
    Total CPU:0.12946856%
    Kernel CPU:0.03532209%
    User CPU:0.09414647%
    CPU cycles:3,317,546/sec
    Context switches:3/sec
    Memory:1.18 MB
    sysmain.dll (Superfetch Service Host by Microsoft)
    Total CPU:0.11224506%
    Kernel CPU:0.11068700%
    User CPU:0.00155806%
    CPU cycles:2,252,194/sec
    Context switches:4/sec
    Memory:1.68 MB
    dhcpcore6.dll
    Total CPU:0.05935432%
    Kernel CPU:0.05866791%
    User CPU:0.00068642%
    CPU cycles:680,110/sec
    Memory:236 KB
    ntdll.dll
    Total CPU:0.05496342%
    Kernel CPU:0.03021221%
    User CPU:0.02475121%
    CPU cycles:1,088,524/sec
    Context switches:7/sec
    Memory:1.66 MB
    sechost.dll (Host for SCM/SDDL/LSA Lookup APIs by Microsoft)
    Total CPU:0.03816458%
    Kernel CPU:0.00820607%
    User CPU:0.02995851%
    CPU cycles:825,794/sec
    Context switches:1/sec
    Memory:124 KB
    rasppp.dll
    Total CPU:0.02921868%
    Kernel CPU:0.01908954%
    User CPU:0.01012914%
    CPU cycles:596,626/sec
    Context switches:9/sec
    Memory:224 KB
    ole32.dll
    Total CPU:0.02064334%
    Kernel CPU:0.00005739%
    User CPU:0.02058595%
    CPU cycles:3,422/sec
    Memory:2.01 MB
    ICAAPI.dll
    Total CPU:0.01990322%
    Kernel CPU:0.01990322%
    User CPU:0.00000000%
    CPU cycles:510,676/sec
    Context switches:10/sec
    Memory:40 KB
    nlasvc.dll (Network Location Awareness 2 by Microsoft)
    Total CPU:0.01148251%
    Kernel CPU:0.00960985%
    User CPU:0.00187266%
    CPU cycles:254,890/sec
    Context switches:1/sec
    Memory:312 KB
    mprtp.dll
    Total CPU:0.01126162%
    Kernel CPU:0.00474870%
    User CPU:0.00651292%
    CPU cycles:264,740/sec
    Context switches:1/sec
    Memory:212 KB
    mpssvc.dll (Microsoft Protection Service by Microsoft)
    Total CPU:0.00485166%
    Kernel CPU:0.00361583%
    User CPU:0.00123582%
    CPU cycles:122,369/sec
    Memory:824 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 8.1 Pro 100.00%

    Distribution by countryDistribution by country

    Austria installs about 79.00% of Host Process for Windows Services.
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE