Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.1.7264.0 (win7_rtm.090622-1900) 33.33%
5.1.2600.5512 (xpsp.080413-2111) 33.33%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) 33.33%

Relationships

Parent process
Child processes
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegOpenKeyW, ConvertSidToStringSidW, LogonUserExW, LsaStorePrivateData, LsaLookupNames, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, FreeSid, AllocateAndInitializeSid, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, ImpersonateLoggedOnUser, CreateProcessAsUserW, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, GetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-file-l1-1-0.dll
CreateFileW, SetFileInformationByHandle, FindNextFileW, FindClose, CreateDirectoryW, FindFirstFileW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapFree, HeapCreate, HeapAlloc, HeapSetInformation
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedCompareExchange64
api-ms-win-core-io-l1-1-0.dll
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0.dll
GetModuleHandleW, GetProcAddress, FreeLibrary, LoadLibraryExW, GetModuleHandleA, LoadStringW
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegGetKeySecurity, RegSetKeySecurity, RegNotifyChangeKeyValue, RegLoadMUIStringW, RegSetValueExW, RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll
LocalFree, Sleep, lstrlenW, LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessW, CreateThread, TerminateProcess, GetCurrentThreadId, OpenThreadToken, GetCurrentThread, GetProcessId, GetCurrentProcess, CreateProcessAsUserW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, OpenProcessToken, ResumeThread, SetThreadPriority, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId, GetProcessTimes
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0.dll
CompareStringW
api-ms-win-core-synch-l1-1-0.dll
LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitForSingleObject, SetEvent, CreateEventW, ResetEvent, WaitForMultipleObjectsEx, OpenEventW, OpenProcess
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime, GetComputerNameExW, GetSystemTime, GetVersionExW
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, AdjustTokenPrivileges, EqualSid, ImpersonateLoggedOnUser, RevertToSelf, GetLengthSid, CopySid, CheckTokenMembership, GetTokenInformation, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, SetTokenInformation, AddAccessAllowedAce, AllocateAndInitializeSid, AllocateLocallyUniqueId, FreeSid, SetKernelObjectSecurity, GetKernelObjectSecurity
api-ms-win-security-lsalookup-l1-1-0.dll
LsaLookupFreeMemory, LsaLookupTranslateSids, LsaLookupOpenLocalPolicy, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupClose
api-ms-win-security-sddl-l1-1-0.dll
ConvertSecurityDescriptorToStringSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll
SystemFunction005, SystemFunction029
kernel32.dll
TerminateProcess, SetProcessShutdownParameters, lstrcmpiW, FormatMessageW, ExitThread, ReleaseMutex, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, CreateMutexW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, InitializeCriticalSection, HeapAlloc, HeapFree, SetConsoleCtrlHandler, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW, OpenEventW, GetCurrentThread
msvcrt.dll
DllMain
ncobjapi.dll
WmiSetAndCommitObject, WmiEventSourceConnect, WmiCreateObjectWithFormat
ntdll.dll
RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, NtQueryInformationToken, RtlQuerySecurityObject, RtlAddAccessAllowedAce, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, RtlSetSecurityObject, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject, EtwRegisterTraceGuidsW, RtlUnicodeStringToInteger, RtlSetLastWin32Error, NtTraceControl, RtlInitializeCriticalSection, NtQueueApcThread, NtOpenThread, EvtIntReportEventAndSourceAsync, RtlSetProcessIsCritical, EtwEventRegister, EtwEventWrite, NtFilterToken, NtAccessCheck, WinSqmAddToStream, RtlSetEnvironmentVariable, RtlCreateServiceSid, DbgPrintEx, RtlInitializeSRWLock, RtlAcquireSRWLockShared, RtlReleaseSRWLockShared, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, EtwTraceMessage, NtQuerySystemInformation, RtlNtStatusToDosErrorNoTeb, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle
rpcrt4.dll
RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, NdrAsyncClientCall, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf, RpcServerListen, RpcServerUnregisterIf, UuidCreate, RpcAsyncAbortCall, RpcServerUnsubscribeForNotification, UuidEqual, RpcServerUseProtseqW, RpcServerInqBindings, RpcEpRegisterW, RpcServerInqDefaultPrincNameW, UuidCreateNil, RpcServerInqCallAttributesW, RpcServerInqBindingHandle, I_RpcBindingInqLocalClientPID, I_RpcSessionStrictContextHandle, RpcSsGetContextBinding, RpcServerInqCallAttributesA, RpcBindingServerFromClient, RpcBindingVectorFree, RpcServerSubscribeForNotification, UuidFromStringW
scesrv.dll
ScesrvInitializeServer, ScesrvTerminateServer
sspicli.dll
LogonUserExExW
umpnpmgr.dll
RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys
user32.dll
wsprintfW, BroadcastSystemMessageW, MessageBoxW, LoadStringW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

Aplicación de servicios y controlador by Microsoft

Remove services.exe
Version:   6.1.7264.0 (win7_rtm.090622-1900)
MD5:   06d916117254a44601c128946be07615
SHA1:   77cd1fb764e4aebb51ef6b0d1509f85297f20175
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

services.exe runs as a service under the name Registro de sucesos (Eventlog) with extensive SYSTEM privileges (full administrator access) as a shared service. This version is designed to run on Windows 7 and is compiled as a 32 bit program.

DetailsDetails

File name:services.exe
Publisher:Microsoft Corporation
Product name:Aplicación de servicios y controlador
Description:Sistema operativo Microsoft® Windows®
Typical file path:C:\Windows\System32\services.exe
File version:6.1.7264.0 (win7_rtm.090622-1900)
Product version:6.1.7264.0
Size:253 KB (259,072 bytes)
Build date:7/10/2009 10:58 PM
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'Eventlog' (Registro de sucesos)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00010061%
0.028634%
Kernel CPU:0.00007388%
0.013761%
User CPU:0.00002672%
0.014873%
Kernel CPU time:29,094 ms/min
100,923,805ms/min
Memory
Private memory:7.51 MB
21.59 MB
Private (maximum):5.86 MB
Private (minimum):5.66 MB
Non-paged memory:7.51 MB
21.59 MB
Virtual memory:42.91 MB
140.96 MB
Virtual memory (peak):97.67 MB
169.69 MB
Working set:5.7 MB
18.61 MB
Working set (peak):12.03 MB
37.95 MB
Resource allocations
Threads:14
12
Handles:302
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Owner:SYSTEM
Windows Service
Service name:Eventlog
Display name:Registro de sucesos
Description:“Habilita mensajes de registro de sucesos emitidos por programas basados en Windows y componentes para que se vean en Visor de sucesos. Este servicio no se puede detener. ”
Type:Win32ShareProcess
Parent process:wininit.exe (by Microsoft)

ResourcesThreads

Averages
 
UBPM.dll
Total CPU:0.02224786%
0.272967%
Kernel CPU:0.00098008%
0.107585%
User CPU:0.02126777%
0.165382%
CPU cycles:339,653/sec
5,741,424/sec
Memory:176 KB
1.16 MB
ntdll.dll
Total CPU:0.02214223%
Kernel CPU:0.01088009%
User CPU:0.01126214%
CPU cycles:337,554/sec
Memory:1.23 MB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 66.67%
Windows 7 Ultimate 33.33%

Distribution by countryDistribution by country

Mexico installs about 66.67% of Aplicación de servicios y controlador.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 66.67%
American Megatrends 33.33%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE