Should I block it?

No, this file is 100% safe to run.

Relationships

Child processes
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
AllocateLocallyUniqueId, RegOpenKeyW, ConvertSidToStringSidW, AllocateAndInitializeSid, FreeSid, LogonUserExW, LsaStorePrivateData, LsaLookupNames, AddAccessAllowedAce, SetTokenInformation, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser
kernel32.dll
GetCurrentThread, CreateMutexW, ReleaseMutex, ExitThread, FormatMessageW, lstrcmpiW, SetProcessShutdownParameters, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetConsoleCtrlHandler, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, OpenEventW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, InitializeCriticalSection, HeapAlloc, HeapFree, TerminateProcess, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW
msvcrt.dll
DllMain
ncobjapi.dll
WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
ntdll.dll
RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, RtlSetDaclSecurityDescriptor, RtlQuerySecurityObject, RtlSetSecurityObject, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, NtQueryInformationToken, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject
rpcrt4.dll
RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, RpcServerListen, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, RpcServerUnregisterIf, NdrAsyncClientCall, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf
scesrv.dll
ScesrvInitializeServer, ScesrvTerminateServer
umpnpmgr.dll
RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys
user32.dll
LoadStringW, wsprintfW, BroadcastSystemMessageW, MessageBoxW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

‎‎יישום שירותים ובקר by Microsoft

Remove services.exe
Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
MD5:   d45a62d065043db325a301abd88ecc95
SHA1:   ede3503a3c049e00f820ab354c9257e9e6ba6f05
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

services.exe runs as a service under the name Event Log (Eventlog) with extensive SYSTEM privileges (full administrator access) as a shared service. This version is installed on Windows XP and is compiled as a 32 bit program.

DetailsDetails

File name:services.exe
Publisher:Microsoft Corporation
Product name:‎‎יישום שירותים ובקר
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\services.exe
File version:5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Product version:5.1.2600.5755
Size:108 KB (110,592 bytes)
Build date:2/6/2009 1:11 PM
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'Eventlog' (Event Log)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00080916%
0.028634%
Kernel CPU:0.00034118%
0.013761%
User CPU:0.00046797%
0.014873%
Kernel CPU time:20,375 ms/min
100,923,805ms/min
Memory
Private memory:1.86 MB
21.59 MB
Private (maximum):4.62 MB
Private (minimum):4.57 MB
Non-paged memory:1.86 MB
21.59 MB
Virtual memory:22.89 MB
140.96 MB
Virtual memory (peak):26.39 MB
169.69 MB
Working set:4.6 MB
18.61 MB
Working set (peak):4.68 MB
37.95 MB
Resource allocations
Threads:15
12
Handles:329
600
GUI GDI count:4
103
GUI USER count:2
49

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command line:C:\Windows\System32\services.exe
Owner:SYSTEM
Windows Service
Service name:Eventlog
Display name:Event Log
Type:Win32ShareProcess
Parent process:winlogon.exe (Windows NT Logon Application by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 100.00%

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
American Megatrends 100.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE