Should I block it?

No, this file is 100% safe to run.

Relationships

Parent process
Child processes
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
AllocateLocallyUniqueId, RegOpenKeyW, ConvertSidToStringSidW, AllocateAndInitializeSid, FreeSid, LogonUserExW, LsaStorePrivateData, LsaLookupNames, AddAccessAllowedAce, SetTokenInformation, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser
kernel32.dll
GetCurrentThread, CreateMutexW, ReleaseMutex, ExitThread, FormatMessageW, lstrcmpiW, SetProcessShutdownParameters, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetConsoleCtrlHandler, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, OpenEventW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, InitializeCriticalSection, HeapAlloc, HeapFree, TerminateProcess, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW
msvcrt.dll
DllMain
ncobjapi.dll
WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
ntdll.dll
RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, RtlSetDaclSecurityDescriptor, RtlQuerySecurityObject, RtlSetSecurityObject, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, NtQueryInformationToken, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject
rpcrt4.dll
RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, RpcServerListen, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, RpcServerUnregisterIf, NdrAsyncClientCall, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf
scesrv.dll
ScesrvInitializeServer, ScesrvTerminateServer
umpnpmgr.dll
RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys
user32.dll
LoadStringW, wsprintfW, BroadcastSystemMessageW, MessageBoxW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

Usługi i aplikacja Kontroler by Microsoft

Remove services.exe
Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
MD5:   02a467e27af55f7064c5b251e587315f
SHA1:   39ea2bea964a932e0449bc9dc84a88829a2b5f17
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

services.exe runs as a service under the name Eventlog within the local user context as a shared service. This version is installed on Windows XP and is compiled as a 32 bit program.

DetailsDetails

File name:services.exe
Publisher:Microsoft Corporation
Product name:Usługi i aplikacja Kontroler
Description:System operacyjny Microsoft® Windows®
Typical file path:C:\Windows\System32\services.exe
File version:5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Product version:5.1.2600.5755
Size:108.5 KB (111,104 bytes)
Build date:2/6/2009 12:11 PM
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.01183466%
0.028634%
Kernel CPU:0.00633389%
0.013761%
User CPU:0.00550077%
0.014873%
Kernel CPU time:437,734,375 ms/min
100,923,805ms/min
Context switches:409/sec
284/sec
Memory
Private memory:2.93 MB
21.59 MB
Private (maximum):3.99 MB
Private (minimum):3.27 MB
Non-paged memory:2.93 MB
21.59 MB
Virtual memory:25.51 MB
140.96 MB
Virtual memory (peak):30.99 MB
169.69 MB
Working set:3.32 MB
18.61 MB
Working set (peak):4.45 MB
37.95 MB
Page faults:4,650/min
2,039/min
I/O
I/O read transfer:38 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:468 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:526 Bytes/sec
448.09 KB/min
I/O other operations:9/sec
1,671/min
Resource allocations
Threads:16
12
Handles:305
600
GUI GDI count:4
103

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command line:C:\Windows\System32\services.exe
Owner:User
Windows Service
Service name:Eventlog
Type:Win32ShareProcess
Parent process:winlogon.exe (Aplikacja logowania systemu Windows NT by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 100.00%

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 100.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE