Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.1.7264.0 (win7_rtm.090622-1900) 33.33%
5.1.2600.5512 (xpsp.080413-2111) 33.33%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) 33.33%

Relationships

Parent process
Child processes
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
RegOpenKeyW, ConvertSidToStringSidW, LogonUserExW, LsaStorePrivateData, LsaLookupNames, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, FreeSid, AllocateAndInitializeSid, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, ImpersonateLoggedOnUser, CreateProcessAsUserW, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, GetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-file-l1-1-0.dll
CreateFileW, SetFileInformationByHandle, FindNextFileW, FindClose, CreateDirectoryW, FindFirstFileW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapFree, HeapCreate, HeapAlloc, HeapSetInformation
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedCompareExchange64
api-ms-win-core-io-l1-1-0.dll
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0.dll
GetModuleHandleW, GetProcAddress, FreeLibrary, LoadLibraryExW, GetModuleHandleA, LoadStringW
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegGetKeySecurity, RegSetKeySecurity, RegNotifyChangeKeyValue, RegLoadMUIStringW, RegSetValueExW, RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll
LocalFree, Sleep, lstrlenW, LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessW, CreateThread, TerminateProcess, GetCurrentThreadId, OpenThreadToken, GetCurrentThread, GetProcessId, GetCurrentProcess, CreateProcessAsUserW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, OpenProcessToken, ResumeThread, SetThreadPriority, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId, GetProcessTimes
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0.dll
CompareStringW
api-ms-win-core-synch-l1-1-0.dll
LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitForSingleObject, SetEvent, CreateEventW, ResetEvent, WaitForMultipleObjectsEx, OpenEventW, OpenProcess
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime, GetComputerNameExW, GetSystemTime, GetVersionExW
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, AdjustTokenPrivileges, EqualSid, ImpersonateLoggedOnUser, RevertToSelf, GetLengthSid, CopySid, CheckTokenMembership, GetTokenInformation, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, SetTokenInformation, AddAccessAllowedAce, AllocateAndInitializeSid, AllocateLocallyUniqueId, FreeSid, SetKernelObjectSecurity, GetKernelObjectSecurity
api-ms-win-security-lsalookup-l1-1-0.dll
LsaLookupFreeMemory, LsaLookupTranslateSids, LsaLookupOpenLocalPolicy, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupClose
api-ms-win-security-sddl-l1-1-0.dll
ConvertSecurityDescriptorToStringSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll
SystemFunction005, SystemFunction029
kernel32.dll
TerminateProcess, SetProcessShutdownParameters, lstrcmpiW, FormatMessageW, ExitThread, ReleaseMutex, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, CreateMutexW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, InitializeCriticalSection, HeapAlloc, HeapFree, SetConsoleCtrlHandler, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW, OpenEventW, GetCurrentThread
msvcrt.dll
DllMain
ncobjapi.dll
WmiSetAndCommitObject, WmiEventSourceConnect, WmiCreateObjectWithFormat
ntdll.dll
RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, NtQueryInformationToken, RtlQuerySecurityObject, RtlAddAccessAllowedAce, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, RtlSetSecurityObject, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject, EtwRegisterTraceGuidsW, RtlUnicodeStringToInteger, RtlSetLastWin32Error, NtTraceControl, RtlInitializeCriticalSection, NtQueueApcThread, NtOpenThread, EvtIntReportEventAndSourceAsync, RtlSetProcessIsCritical, EtwEventRegister, EtwEventWrite, NtFilterToken, NtAccessCheck, WinSqmAddToStream, RtlSetEnvironmentVariable, RtlCreateServiceSid, DbgPrintEx, RtlInitializeSRWLock, RtlAcquireSRWLockShared, RtlReleaseSRWLockShared, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, EtwTraceMessage, NtQuerySystemInformation, RtlNtStatusToDosErrorNoTeb, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle
rpcrt4.dll
RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, NdrAsyncClientCall, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf, RpcServerListen, RpcServerUnregisterIf, UuidCreate, RpcAsyncAbortCall, RpcServerUnsubscribeForNotification, UuidEqual, RpcServerUseProtseqW, RpcServerInqBindings, RpcEpRegisterW, RpcServerInqDefaultPrincNameW, UuidCreateNil, RpcServerInqCallAttributesW, RpcServerInqBindingHandle, I_RpcBindingInqLocalClientPID, I_RpcSessionStrictContextHandle, RpcSsGetContextBinding, RpcServerInqCallAttributesA, RpcBindingServerFromClient, RpcBindingVectorFree, RpcServerSubscribeForNotification, UuidFromStringW
scesrv.dll
ScesrvInitializeServer, ScesrvTerminateServer
sspicli.dll
LogonUserExExW
umpnpmgr.dll
RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys
user32.dll
wsprintfW, BroadcastSystemMessageW, MessageBoxW, LoadStringW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

Aplicación de servicios y controlador by Microsoft

Remove services.exe
Version:   5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
MD5:   f9852f505e0699bb83d5c6321917040b
SHA1:   6bbffbc98ba972a470307524f1fe07c2179841c6
SHA256:   88ef1abed8a1c198c94f3c8a88e79bc68f4cf6436ac549d4264ea34f313f82d4
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

services.exe runs as a service under the name Registro de sucesos (Eventlog) with extensive SYSTEM privileges (full administrator access) as a shared service. This version is installed on Windows XP and is compiled as a 32 bit program.

DetailsDetails

File name:services.exe
Publisher:Microsoft Corporation
Product name:Aplicación de servicios y controlador
Description:Sistema operativo Microsoft® Windows®
Typical file path:C:\Windows\System32\services.exe
File version:5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product version:5.1.2600.2180
Size:106 KB (108,544 bytes)
Build date:8/4/2004 12:14 AM
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'Eventlog' (Registro de sucesos)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00151951%
0.028634%
Kernel CPU:0.00053744%
0.013761%
User CPU:0.00098207%
0.014873%
Kernel CPU time:907,266 ms/min
100,923,805ms/min
Context switches:175/sec
284/sec
Memory
Private memory:1.84 MB
21.59 MB
Private (maximum):3.48 MB
Private (minimum):356 KB
Non-paged memory:1.84 MB
21.59 MB
Virtual memory:21.71 MB
140.96 MB
Virtual memory (peak):28.17 MB
169.69 MB
Working set:1.35 MB
18.61 MB
Working set (peak):3.64 MB
37.95 MB
Resource allocations
Threads:15
12
Handles:323
600
GUI GDI count:4
103
GUI USER count:2
49

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command line:C:\Windows\System32\services.exe
Owner:SYSTEM
Windows Service
Service name:Eventlog
Display name:Registro de sucesos
Description:“Habilita mensajes de registro de sucesos emitidos por programas basados en Windows y componentes para que se vean en Visor de sucesos. Este servicio no se puede detener. ”
Type:Win32ShareProcess
Parent process:winlogon.exe (by Microsoft)

ResourcesThreads

Averages
 
umpnpmgr.dll
Total CPU:0.00014016%
0.272967%
Kernel CPU:0.00007008%
0.107585%
User CPU:0.00007008%
0.165382%
Memory:124 KB
1.16 MB
NCObjAPI.DLL
Total CPU:0.00004681%
Kernel CPU:0.00000000%
User CPU:0.00004681%
Memory:48 KB
services.exe (main module)
Total CPU:0.00004672%
Kernel CPU:0.00004672%
User CPU:0.00000000%
Memory:112 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 66.67%
Windows 7 Ultimate 33.33%

Distribution by countryDistribution by country

Mexico installs about 66.67% of Aplicación de servicios y controlador.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 66.67%
American Megatrends 33.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE