[已解决]出差一个月回来虚拟机打不开了 win10 64位系统

屁哥 · 发表于 2017-12-25 16:30:31

祝大家圣诞快乐！！！
虚心就求教

最佳答案

月排行榜 / 总排行榜

ironblood4416

2017-12-25 16:30:32

找日志看啊

跳转到最佳答案楼层

ironblood4416 · 发表于 2017-12-25 16:30:32

这个最佳答案由 ironblood4416 给出，感谢 ironblood4416 的回答。

单击隐藏图章

找日志看啊

屁哥 · 发表于 2017-12-27 15:48:02

ironblood4416 发表于 2017-12-27 12:17
找日志看啊

日志去哪里找我笔记本更新了什么玩意完事就不能用了重新卸载安装也是那样
我比较小白不会看日志。。。。

ironblood4416 · 发表于 2017-12-28 09:29:54

屁哥发表于 2017-12-27 15:48
日志去哪里找我笔记本更新了什么玩意完事就不能用了重新卸载安装也是那样
我比较小白不会看日志 ...

上面不是写着呢吗，C:/Users... 那个文件就是日志啊。。。看看里面什么内容

wyh33200 · 发表于 2017-12-28 11:11:09

ironblood4416 发表于 2017-12-28 09:29
上面不是写着呢吗，C:/Users... 那个文件就是日志啊。。。看看里面什么内容

道法自然 /滑稽

屁哥 · 发表于 2017-12-28 11:53:08

wyh33200 发表于 2017-12-28 11:11
道法自然 /滑稽

好的谢谢我再看看

屁哥 · 发表于 2017-12-28 12:08:58

屁哥发表于 2017-12-28 11:53
好的谢谢我再看看

2e8.33d8: Log file opened: 5.1.22r115126 g_hStartupLog=000000000000006c g_uNtVerCombined=0xa03fab00
2e8.33d8: \SystemRoot\System32\ntdll.dll:
2e8.33d8:    CreationTime: 2017-12-25T03:51:16.670062700Z
2e8.33d8:    LastWriteTime: 2017-12-25T03:51:16.670062700Z
2e8.33d8:    ChangeTime:    2017-12-25T09:23:44.630112100Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0x1dd100
2e8.33d8:    NT Headers:    0xe0
2e8.33d8:    Timestamp:    0x493793ea
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0x493793ea
2e8.33d8:    Image Version: 10.0
2e8.33d8:    SizeOfImage:    0x1e0000 (1966080)
2e8.33d8:    Resource Dir: 0x174000 LB 0x6a1d8
2e8.33d8:    [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    Microsoft® Windows® Operating System
2e8.33d8:    ProductVersion:  10.0.16299.64
2e8.33d8:    FileVersion:    10.0.16299.64 (WinBuild.160101.0800)
2e8.33d8:    FileDescription: NT Layer DLL
2e8.33d8: \SystemRoot\System32\kernel32.dll:
2e8.33d8:    CreationTime: 2017-09-29T13:42:04.954227600Z
2e8.33d8:    LastWriteTime: 2017-09-29T13:42:04.954227600Z
2e8.33d8:    ChangeTime:    2017-12-25T03:46:54.613519600Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0xab868
2e8.33d8:    NT Headers:    0xe8
2e8.33d8:    Timestamp:    0xc2cf900
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0xc2cf900
2e8.33d8:    Image Version: 10.0
2e8.33d8:    SizeOfImage:    0xae000 (712704)
2e8.33d8:    Resource Dir: 0xac000 LB 0x520
2e8.33d8:    [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    Microsoft® Windows® Operating System
2e8.33d8:    ProductVersion:  10.0.16299.15
2e8.33d8:    FileVersion:    10.0.16299.15 (WinBuild.160101.0800)
2e8.33d8:    FileDescription: Windows NT BASE API Client DLL
2e8.33d8: \SystemRoot\System32\KernelBase.dll:
2e8.33d8:    CreationTime: 2017-09-29T13:41:43.124345500Z
2e8.33d8:    LastWriteTime: 2017-09-29T13:41:43.124345500Z
2e8.33d8:    ChangeTime:    2017-12-25T03:46:54.707255600Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0x266000
2e8.33d8:    NT Headers:    0xf0
2e8.33d8:    Timestamp:    0x4736733c
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0x4736733c
2e8.33d8:    Image Version: 10.0
2e8.33d8:    SizeOfImage:    0x266000 (2514944)
2e8.33d8:    Resource Dir: 0x245000 LB 0x548
2e8.33d8:    [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    Microsoft® Windows® Operating System
2e8.33d8:    ProductVersion:  10.0.16299.15
2e8.33d8:    FileVersion:    10.0.16299.15 (WinBuild.160101.0800)
2e8.33d8:    FileDescription: Windows NT BASE API Client DLL
2e8.33d8: \SystemRoot\System32\apisetschema.dll:
2e8.33d8:    CreationTime: 2017-09-29T13:42:07.095026600Z
2e8.33d8:    LastWriteTime: 2017-09-29T13:42:07.095026600Z
2e8.33d8:    ChangeTime:    2017-12-25T09:23:44.645739200Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0x1b398
2e8.33d8:    NT Headers:    0xc8
2e8.33d8:    Timestamp:    0xf30abf31
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0xf30abf31
2e8.33d8:    Image Version: 10.0
2e8.33d8:    SizeOfImage:    0x1c000 (114688)
2e8.33d8:    Resource Dir: 0x1b000 LB 0x408
2e8.33d8:    [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    Microsoft® Windows® Operating System
2e8.33d8:    ProductVersion:  10.0.16299.15
2e8.33d8:    FileVersion:    10.0.16299.15 (WinBuild.160101.0800)
2e8.33d8:    FileDescription: ApiSet Schema DLL
2e8.33d8: Found driver mfewfpk (0x20)
2e8.33d8: Found driver mfehidk (0x20)
2e8.33d8: Found driver mfeavfk (0x20)
2e8.33d8: Found driver mfefirek (0x20)
2e8.33d8: supR3HardenedWinFindAdversaries: 0x20
2e8.33d8: \SystemRoot\System32\drivers\cfwids.sys:
2e8.33d8:    CreationTime: 2016-03-11T09:04:44.000000000Z
2e8.33d8:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
2e8.33d8:    ChangeTime:    2017-12-25T03:55:02.836052400Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0x13328
2e8.33d8:    NT Headers:    0xf0
2e8.33d8:    Timestamp:    0x571a4aa7
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0x571a4aa7
2e8.33d8:    Image Version: 0.0
2e8.33d8:    SizeOfImage:    0x16000 (90112)
2e8.33d8:    Resource Dir: 0x14000 LB 0x550
2e8.33d8:    [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0x140a0 LB 0x318, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    SYSCORE
2e8.33d8:    ProductVersion:  15.4.0.822
2e8.33d8:    FileVersion:    SYSCORE.15.4.0.822
2e8.33d8:    PrivateBuild: SYSCORE.15.4.0.822
2e8.33d8:    FileDescription: McAfee Personal Firewall IDS Plugin
2e8.33d8: \SystemRoot\System32\drivers\mfeavfk.sys:
2e8.33d8:    CreationTime: 2016-03-11T09:04:44.000000000Z
2e8.33d8:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
2e8.33d8:    ChangeTime:    2017-12-25T03:55:02.836052400Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0x55528
2e8.33d8:    NT Headers:    0xe8
2e8.33d8:    Timestamp:    0x571a4a46
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0x571a4a46
2e8.33d8:    Image Version: 0.0
2e8.33d8:    SizeOfImage:    0x57000 (356352)
2e8.33d8:    Resource Dir: 0x55000 LB 0x758
2e8.33d8:    [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0x55110 LB 0x334, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    SYSCORE
2e8.33d8:    ProductVersion:  15.4.0.822
2e8.33d8:    FileVersion:    SYSCORE.15.4.0.822
2e8.33d8:    PrivateBuild: SYSCORE.15.4.0.822 F15,F16,F19
2e8.33d8:    FileDescription: Anti-Virus File System Filter Driver
2e8.33d8: \SystemRoot\System32\drivers\mfefirek.sys:
2e8.33d8:    CreationTime: 2016-03-11T09:04:44.000000000Z
2e8.33d8:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
2e8.33d8:

屁哥 · 发表于 2017-12-28 12:09:32

屁哥发表于 2017-12-28 11:53
好的谢谢我再看看

  ChangeTime:    2017-12-25T03:55:02.836052400Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0x78728
2e8.33d8:    NT Headers:    0xe8
2e8.33d8:    Timestamp:    0x571a4a87
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0x571a4a87
2e8.33d8:    Image Version: 0.0
2e8.33d8:    SizeOfImage:    0x7b000 (503808)
2e8.33d8:    Resource Dir: 0x77000 LB 0x388
2e8.33d8:    [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0x77060 LB 0x328, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    SYSCORE
2e8.33d8:    ProductVersion:  15.4.0.822
2e8.33d8:    FileVersion:    SYSCORE.15.4.0.822
2e8.33d8:    PrivateBuild: SYSCORE.15.4.0.822 F17,F18
2e8.33d8:    FileDescription: McAfee Core Firewall Engine Driver
2e8.33d8: \SystemRoot\System32\drivers\mfehidk.sys:
2e8.33d8:    CreationTime: 2016-03-11T09:04:44.000000000Z
2e8.33d8:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
2e8.33d8:    ChangeTime:    2017-12-25T03:55:02.836052400Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0xcdd28
2e8.33d8:    NT Headers:    0x100
2e8.33d8:    Timestamp:    0x571a49df
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0x571a49df
2e8.33d8:    Image Version: 0.0
2e8.33d8:    SizeOfImage:    0xd9000 (888832)
2e8.33d8:    Resource Dir: 0xd5000 LB 0x758
2e8.33d8:    [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0xd5110 LB 0x320, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    SYSCORE
2e8.33d8:    ProductVersion:  15.4.0.822
2e8.33d8:    FileVersion:    SYSCORE.15.4.0.822
2e8.33d8:    PrivateBuild: SYSCORE.15.4.0.822 F14,F15,F16,F18,F20
2e8.33d8:    FileDescription: McAfee Link Driver
2e8.33d8: \SystemRoot\System32\drivers\mfewfpk.sys:
2e8.33d8:    CreationTime: 2016-03-11T09:04:44.000000000Z
2e8.33d8:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
2e8.33d8:    ChangeTime:    2017-12-25T03:55:02.836052400Z
2e8.33d8:    FileAttributes:  0x20
2e8.33d8:    Size:          0x3b728
2e8.33d8:    NT Headers:    0xf0
2e8.33d8:    Timestamp:    0x571a49f1
2e8.33d8:    Machine:       0x8664 - amd64
2e8.33d8:    Timestamp:    0x571a49f1
2e8.33d8:    Image Version: 0.0
2e8.33d8:    SizeOfImage:    0x59000 (364544)
2e8.33d8:    Resource Dir: 0x57000 LB 0x380
2e8.33d8:    [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e8.33d8:    [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
2e8.33d8:    ProductName:    SYSCORE
2e8.33d8:    ProductVersion:  15.4.0.822
2e8.33d8:    FileVersion:    SYSCORE.15.4.0.822
2e8.33d8:    PrivateBuild: SYSCORE.15.4.0.822 F17,F18
2e8.33d8:    FileDescription: Anti-Virus Mini-Firewall Driver
2e8.33d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2e8.33d8: Calling main()
2e8.33d8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2e8.33d8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2e8.33d8: SUPR3HardenedMain: Respawn #1
2e8.33d8: System32:  \Device\HarddiskVolume3\Windows\System32
2e8.33d8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2e8.33d8: KnownDllPath: C:\WINDOWS\System32
2e8.33d8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2e8.33d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2e8.33d8: supR3HardNtEnableThreadCreation:
2e8.33d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8981791b0 pvNtTerminateThread=00007ff8981a0890
2e8.33d8: supR3HardenedWinDoReSpawn(1): New child 1a0.303c [kernel32].
2e8.33d8: supR3HardNtChildGatherData: PebBaseAddress=00000000003a9000 cbPeb=0x388
2e8.33d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff898100000 uNtDllChildAddr=00007ff898100000
2e8.33d8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8981791b0
2e8.33d8: supR3HardenedWinSetupChildInit: Start child.
2e8.33d8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 46 ms.
2e8.33d8: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 60 sleeps
2e8.33d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2e8.33d8:  *0000000000000000-00000000001bffff 0x0001/0x0000 0x0000000
2e8.33d8:  *00000000001c0000-00000000001dffff 0x0004/0x0004 0x0020000
2e8.33d8:  *00000000001e0000-00000000001f8fff 0x0002/0x0002 0x0040000
2e8.33d8: 00000000001f9000-00000000001fffff 0x0001/0x0000 0x0000000
2e8.33d8:  *0000000000200000-00000000003a8fff 0x0000/0x0004 0x0020000
2e8.33d8: 00000000003a9000-00000000003abfff 0x0004/0x0004 0x0020000
2e8.33d8: 00000000003ac000-00000000003fffff 0x0000/0x0004 0x0020000
2e8.33d8:  *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
2e8.33d8: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
2e8.33d8: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
2e8.33d8:  *0000000000500000-0000000000503fff 0x0002/0x0002 0x0040000
2e8.33d8: 0000000000504000-000000000050ffff 0x0001/0x0000 0x0000000
2e8.33d8:  *0000000000510000-0000000000510fff 0x0004/0x0004 0x0020000
2e8.33d8: 0000000000511000-000000007ffdffff 0x0001/0x0000 0x0000000
2e8.33d8:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2e8.33d8:  *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2e8.33d8: 000000007fff0000-00007ff742bfffff 0x0001/0x0000 0x0000000
2e8.33d8:  *00007ff742c00000-00007ff742c32fff 0x0002/0x0002 0x0040000
2e8.33d8: 00007ff742c33000-00007ff74383ffff 0x0001/0x0000 0x0000000
2e8.33d8:  *00007ff743840000-00007ff743840fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff743841000-00007ff7438b0fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff7438b1000-00007ff7438b1fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff7438b2000-00007ff7438f6fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff7438f7000-00007ff7438f7fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff7438f8000-00007ff7438f8fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff7438f9000-00007ff7438fdfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff7438fe000-00007ff7438fefff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff7438ff000-00007ff7438fffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff743900000-00007ff743903fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff743904000-00007ff74394bfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2e8.33d8: 00007ff74394c000-00007ff8980fffff 0x0001/0x0000 0x0000000
2e8.33d8:  *00007ff898100000-00007ff898100fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2e8.33d8: 00007ff898101000-00007ff898212fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2e8.33d8: 00007ff898213000-00007ff898258fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2e8.33d8: 00007ff898259000-00007ff898260fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2e8.33d8: 00007ff898261000-00007ff89826efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2e8.33d8: 00007ff89826f000-00007ff89826ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2e8.33d8: 00007ff898270000-00007ff898272fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2e8.33d8: 00007ff898273000-00007ff8982dffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2e8.33d8: 00007ff8982e0000-00007ffffffdffff 0x0001/0x0000 0x0000000
2e8.33d8:  *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2e8.33d8:

屁哥 · 发表于 2017-12-28 12:10:06

屁哥发表于 2017-12-28 11:53
好的谢谢我再看看

  VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
2e8.33d8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2e8.33d8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2e8.33d8: supR3HardNtChildPurify: Done after 582 ms and 0 fixes (loop #0).
1a0.303c: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
2e8.33d8: supR3HardNtEnableThreadCreation:
1a0.303c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff898100000 g_uNtVerCombined=0xa03fab00
1a0.303c: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
1a0.303c: New simple heap: #1 0000000000620000 LB 0x400000 (for 1966080 allocation)
1a0.303c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1a0.303c: System32:  \Device\HarddiskVolume3\Windows\System32
1a0.303c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1a0.303c: KnownDllPath: C:\WINDOWS\System32
1a0.303c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1a0.303c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1a0.303c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1a0.303c: Registered Dll notification callback with NTDLL.
1a0.303c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1a0.303c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1a0.303c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1a0.303c: supR3HardenedDllNotificationCallback: load 00007ff894b10000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1a0.303c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1a0.303c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1a0.303c: supR3HardenedDllNotificationCallback: load 00007ff8957e0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1a0.303c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1a0.303c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8957e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
1a0.303c: supR3HardenedDllNotificationCallback: load 00007ff743840000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1a0.303c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1a0.303c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1a0.303c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8981791b0 pvNtTerminateThread=00007ff8981a0890
2e8.33d8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 89 ms.
1a0.303c: \SystemRoot\System32\ntdll.dll:
1a0.303c:    CreationTime: 2017-12-25T03:51:16.670062700Z
1a0.303c:    LastWriteTime: 2017-12-25T03:51:16.670062700Z
1a0.303c:    ChangeTime:    2017-12-25T09:23:44.630112100Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0x1dd100
1a0.303c:    NT Headers:    0xe0
1a0.303c:    Timestamp:    0x493793ea
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0x493793ea
1a0.303c:    Image Version: 10.0
1a0.303c:    SizeOfImage:    0x1e0000 (1966080)
1a0.303c:    Resource Dir: 0x174000 LB 0x6a1d8
1a0.303c:    [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    Microsoft® Windows® Operating System
1a0.303c:    ProductVersion:  10.0.16299.64
1a0.303c:    FileVersion:    10.0.16299.64 (WinBuild.160101.0800)
1a0.303c:    FileDescription: NT Layer DLL
1a0.303c: \SystemRoot\System32\kernel32.dll:
1a0.303c:    CreationTime: 2017-09-29T13:42:04.954227600Z
1a0.303c:    LastWriteTime: 2017-09-29T13:42:04.954227600Z
1a0.303c:    ChangeTime:    2017-12-25T03:46:54.613519600Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0xab868
1a0.303c:    NT Headers:    0xe8
1a0.303c:    Timestamp:    0xc2cf900
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0xc2cf900
1a0.303c:    Image Version: 10.0
1a0.303c:    SizeOfImage:    0xae000 (712704)
1a0.303c:    Resource Dir: 0xac000 LB 0x520
1a0.303c:    [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    Microsoft® Windows® Operating System
1a0.303c:    ProductVersion:  10.0.16299.15
1a0.303c:    FileVersion:    10.0.16299.15 (WinBuild.160101.0800)
1a0.303c:    FileDescription: Windows NT BASE API Client DLL
1a0.303c: \SystemRoot\System32\KernelBase.dll:
1a0.303c:    CreationTime: 2017-09-29T13:41:43.124345500Z
1a0.303c:    LastWriteTime: 2017-09-29T13:41:43.124345500Z
1a0.303c:    ChangeTime:    2017-12-25T03:46:54.707255600Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0x266000
1a0.303c:    NT Headers:    0xf0
1a0.303c:    Timestamp:    0x4736733c
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0x4736733c
1a0.303c:    Image Version: 10.0
1a0.303c:    SizeOfImage:    0x266000 (2514944)
1a0.303c:    Resource Dir: 0x245000 LB 0x548
1a0.303c:    [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    Microsoft® Windows® Operating System
1a0.303c:    ProductVersion:  10.0.16299.15
1a0.303c:    FileVersion:    10.0.16299.15 (WinBuild.160101.0800)
1a0.303c:    FileDescription: Windows NT BASE API Client DLL
1a0.303c: \SystemRoot\System32\apisetschema.dll:
1a0.303c:    CreationTime: 2017-09-29T13:42:07.095026600Z
1a0.303c:    LastWriteTime: 2017-09-29T13:42:07.095026600Z
1a0.303c:    ChangeTime:    2017-12-25T09:23:44.645739200Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0x1b398
1a0.303c:    NT Headers:    0xc8
1a0.303c:    Timestamp:    0xf30abf31
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0xf30abf31
1a0.303c:    Image Version: 10.0
1a0.303c:    SizeOfImage:    0x1c000 (114688)
1a0.303c:    Resource Dir: 0x1b000 LB 0x408
1a0.303c:    [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    Microsoft® Windows® Operating System
1a0.303c:    ProductVersion:  10.0.16299.15
1a0.303c:    FileVersion:    10.0.16299.15 (WinBuild.160101.0800)
1a0.303c:    FileDescription: ApiSet Schema DLL
1a0.303c: Found driver mfewfpk (0x20)
1a0.303c: Found driver mfehidk (0x20)
1a0.303c: Found driver mfeavfk (0x20)
1a0.303c: Found driver mfefirek (0x20)
1a0.303c: supR3HardenedWinFindAdversaries: 0x20
1a0.303c: \SystemRoot\System32\drivers\cfwids.sys:
1a0.303c:    CreationTime: 2016-03-11T09:04:44.000000000Z
1a0.303c:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
1a0.303c:    ChangeTime:    2017-12-25T03:55:02.836052400Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0x13328
1a0.303c:    NT Headers:    0xf0
1a0.303c:    Timestamp:    0x571a4aa7
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0x571a4aa7
1a0.303c:    Image Version: 0.0
1a0.303c:    SizeOfImage:    0x16000 (90112)
1a0.303c:    Resource Dir: 0x14000 LB 0x550
1a0.303c:    [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0x140a0 LB 0x318, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    SYSCORE
1a0.303c:    ProductVersion:  15.4.0.822
1a0.303c:    FileVersion:    SYSCORE.15.4.0.822
1a0.303c:    PrivateBuild: SYSCORE.15.4.0.822
1a0.303c:    FileDescription: McAfee Personal Firewall IDS Plugin
1a0.303c: \SystemRoot\System32\drivers\mfeavfk.sys:
1a0.303c:

屁哥 · 发表于 2017-12-28 12:10:42

屁哥发表于 2017-12-28 11:53
好的谢谢我再看看

CreationTime: 2016-03-11T09:04:44.000000000Z
1a0.303c:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
1a0.303c:    ChangeTime:    2017-12-25T03:55:02.836052400Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0x55528
1a0.303c:    NT Headers:    0xe8
1a0.303c:    Timestamp:    0x571a4a46
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0x571a4a46
1a0.303c:    Image Version: 0.0
1a0.303c:    SizeOfImage:    0x57000 (356352)
1a0.303c:    Resource Dir: 0x55000 LB 0x758
1a0.303c:    [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0x55110 LB 0x334, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    SYSCORE
1a0.303c:    ProductVersion:  15.4.0.822
1a0.303c:    FileVersion:    SYSCORE.15.4.0.822
1a0.303c:    PrivateBuild: SYSCORE.15.4.0.822 F15,F16,F19
1a0.303c:    FileDescription: Anti-Virus File System Filter Driver
1a0.303c: \SystemRoot\System32\drivers\mfefirek.sys:
1a0.303c:    CreationTime: 2016-03-11T09:04:44.000000000Z
1a0.303c:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
1a0.303c:    ChangeTime:    2017-12-25T03:55:02.836052400Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0x78728
1a0.303c:    NT Headers:    0xe8
1a0.303c:    Timestamp:    0x571a4a87
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0x571a4a87
1a0.303c:    Image Version: 0.0
1a0.303c:    SizeOfImage:    0x7b000 (503808)
1a0.303c:    Resource Dir: 0x77000 LB 0x388
1a0.303c:    [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0x77060 LB 0x328, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    SYSCORE
1a0.303c:    ProductVersion:  15.4.0.822
1a0.303c:    FileVersion:    SYSCORE.15.4.0.822
1a0.303c:    PrivateBuild: SYSCORE.15.4.0.822 F17,F18
1a0.303c:    FileDescription: McAfee Core Firewall Engine Driver
1a0.303c: \SystemRoot\System32\drivers\mfehidk.sys:
1a0.303c:    CreationTime: 2016-03-11T09:04:44.000000000Z
1a0.303c:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
1a0.303c:    ChangeTime:    2017-12-25T03:55:02.836052400Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0xcdd28
1a0.303c:    NT Headers:    0x100
1a0.303c:    Timestamp:    0x571a49df
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0x571a49df
1a0.303c:    Image Version: 0.0
1a0.303c:    SizeOfImage:    0xd9000 (888832)
1a0.303c:    Resource Dir: 0xd5000 LB 0x758
1a0.303c:    [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0xd5110 LB 0x320, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    SYSCORE
1a0.303c:    ProductVersion:  15.4.0.822
1a0.303c:    FileVersion:    SYSCORE.15.4.0.822
1a0.303c:    PrivateBuild: SYSCORE.15.4.0.822 F14,F15,F16,F18,F20
1a0.303c:    FileDescription: McAfee Link Driver
1a0.303c: \SystemRoot\System32\drivers\mfewfpk.sys:
1a0.303c:    CreationTime: 2016-03-11T09:04:44.000000000Z
1a0.303c:    LastWriteTime: 2016-08-01T22:49:30.000000000Z
1a0.303c:    ChangeTime:    2017-12-25T03:55:02.836052400Z
1a0.303c:    FileAttributes:  0x20
1a0.303c:    Size:          0x3b728
1a0.303c:    NT Headers:    0xf0
1a0.303c:    Timestamp:    0x571a49f1
1a0.303c:    Machine:       0x8664 - amd64
1a0.303c:    Timestamp:    0x571a49f1
1a0.303c:    Image Version: 0.0
1a0.303c:    SizeOfImage:    0x59000 (364544)
1a0.303c:    Resource Dir: 0x57000 LB 0x380
1a0.303c:    [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1a0.303c:    [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
1a0.303c:    ProductName:    SYSCORE
1a0.303c:    ProductVersion:  15.4.0.822
1a0.303c:    FileVersion:    SYSCORE.15.4.0.822
1a0.303c:    PrivateBuild: SYSCORE.15.4.0.822 F17,F18
1a0.303c:    FileDescription: Anti-Virus Mini-Firewall Driver
1a0.303c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1a0.303c: Calling main()
1a0.303c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1a0.303c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1a0.303c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1a0.303c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1a0.303c: SUPR3HardenedMain: Respawn #2
1a0.303c: supR3HardNtEnableThreadCreation:
1a0.303c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1a0.303c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
1a0.303c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1a0.303c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff898100000 'C:\WINDOWS\System32\ntdll.dll'
1a0.303c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8981791b0 pvNtTerminateThread=00007ff8981a0890
1a0.303c: supR3HardenedWinDoReSpawn(2): New child 28a8.22fc [kernel32].
1a0.303c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
1a0.303c: supR3HardNtChildGatherData: PebBaseAddress=0000000000964000 cbPeb=0x388
1a0.303c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff898100000 uNtDllChildAddr=00007ff898100000
1a0.303c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8981791b0
1a0.303c: supR3HardenedWinSetupChildInit: Start child.
1a0.303c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 19 ms.
1a0.303c: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 59 sleeps
1a0.303c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1a0.303c:  *0000000000000000-00000000006bffff 0x0001/0x0000 0x0000000
1a0.303c:  *00000000006c0000-00000000006dffff 0x0004/0x0004 0x0020000
1a0.303c:  *00000000006e0000-00000000006f8fff 0x0002/0x0002 0x0040000
1a0.303c: 00000000006f9000-00000000006fffff 0x0001/0x0000 0x0000000
1a0.303c:  *0000000000700000-00000000007fafff 0x0000/0x0004 0x0020000
1a0.303c: 00000000007fb000-00000000007fdfff 0x0104/0x0004 0x0020000
1a0.303c: 00000000007fe000-00000000007fffff 0x0004/0x0004 0x0020000
1a0.303c:  *0000000000800000-0000000000963fff 0x0000/0x0004 0x0020000
1a0.303c: 0000000000964000-0000000000966fff 0x0004/0x0004 0x0020000
1a0.303c: 0000000000967000-00000000009fffff 0x0000/0x0004 0x0020000
1a0.303c:  *0000000000a00000-0000000000a03fff 0x0002/0x0002 0x0040000
1a0.303c: 0000000000a04000-0000000000a0ffff 0x0001/0x0000 0x0000000
1a0.303c:  *0000000000a10000-0000000000a10fff 0x0004/0x0004 0x0020000
1a0.303c: 0000000000a11000-000000007ffdffff 0x0001/0x0000 0x0000000
1a0.303c:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1a0.303c:  *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1a0.303c: 000000007fff0000-00007ff742c8ffff 0x0001/0x0000 0x0000000
1a0.303c:  *00007ff742c90000-00007ff742cc2fff 0x0002/0x0002 0x0040000
1a0.303c: 00007ff742cc3000-00007ff74383ffff 0x0001/0x0000 0x0000000
1a0.303c:  *00007ff743840000-00007ff743840fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff743841000-00007ff7438b0fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff7438b1000-00007ff7438b1fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff7438b2000-00007ff7438f6fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff7438f7000-00007ff7438f7fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff7438f8000-00007ff7438f8fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff7438f9000-00007ff7438fdfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff7438fe000-00007ff7438fefff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c:

屁哥 · 发表于 2017-12-28 12:11:24

wyh33200 发表于 2017-12-28 11:11
道法自然 /滑稽

  00007ff7438ff000-00007ff7438fffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff743900000-00007ff743903fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff743904000-00007ff74394bfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1a0.303c: 00007ff74394c000-00007ff8980fffff 0x0001/0x0000 0x0000000
1a0.303c:  *00007ff898100000-00007ff898100fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: 00007ff898101000-00007ff898212fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: 00007ff898213000-00007ff898258fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: 00007ff898259000-00007ff898260fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: 00007ff898261000-00007ff89826efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: 00007ff89826f000-00007ff89826ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: 00007ff898270000-00007ff898272fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: 00007ff898273000-00007ff8982dffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1a0.303c: 00007ff8982e0000-00007ffffffdffff 0x0001/0x0000 0x0000000
1a0.303c:  *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
1a0.303c: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
1a0.303c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1a0.303c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1a0.303c: supR3HardNtChildPurify: Done after 577 ms and 0 fixes (loop #0).
1a0.303c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000620000 LB 0x400000)
28a8.22fc: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
28a8.22fc: supR3HardenedVmProcessInit: uNtDllAddr=00007ff898100000 g_uNtVerCombined=0xa03fab00
1a0.303c: supR3HardNtEnableThreadCreation:
28a8.22fc: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
28a8.22fc: New simple heap: #1 0000000000b20000 LB 0x400000 (for 1966080 allocation)
28a8.22fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
28a8.22fc: System32:  \Device\HarddiskVolume3\Windows\System32
28a8.22fc: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
28a8.22fc: KnownDllPath: C:\WINDOWS\System32
28a8.22fc: supR3HardenedVmProcessInit: Opening vboxdrv...
28a8.22fc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
28a8.22fc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
28a8.22fc: Registered Dll notification callback with NTDLL.
28a8.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
28a8.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
28a8.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
28a8.22fc: supR3HardenedDllNotificationCallback: load 00007ff894b10000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
28a8.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
28a8.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28a8.22fc: supR3HardenedDllNotificationCallback: load 00007ff8957e0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
28a8.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
28a8.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8957e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
28a8.22fc: supR3HardenedDllNotificationCallback: load 00007ff743840000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
28a8.22fc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
28a8.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
28a8.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
28a8.22fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8981791b0 pvNtTerminateThread=00007ff8981a0890
1a0.303c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 100 ms.
28a8.22fc: \SystemRoot\System32\ntdll.dll:
28a8.22fc:    CreationTime: 2017-12-25T03:51:16.670062700Z
28a8.22fc:    LastWriteTime: 2017-12-25T03:51:16.670062700Z
28a8.22fc:    ChangeTime:    2017-12-25T09:23:44.630112100Z
28a8.22fc:    FileAttributes:  0x20
28a8.22fc:    Size:          0x1dd100
28a8.22fc:    NT Headers:    0xe0
28a8.22fc:    Timestamp:    0x493793ea
28a8.22fc:    Machine:       0x8664 - amd64
28a8.22fc:    Timestamp:    0x493793ea
28a8.22fc:    Image Version: 10.0
28a8.22fc:    SizeOfImage:    0x1e0000 (1966080)
28a8.22fc:    Resource Dir: 0x174000 LB 0x6a1d8
28a8.22fc:    [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
28a8.22fc:    [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
28a8.22fc:    ProductName:    Microsoft® Windows® Operating System
28a8.22fc:    ProductVersion:  10.0.16299.64
28a8.22fc:    FileVersion:    10.0.16299.64 (WinBuild.160101.0800)
28a8.22fc:    FileDescription: NT Layer DLL
28a8.22fc: \SystemRoot\System32\kernel32.dll:
28a8.22fc:    CreationTime: 2017-09-29T13:42:04.954227600Z
28a8.22fc:    LastWriteTime: 2017-09-29T13:42:04.954227600Z
28a8.22fc:    ChangeTime:    2017-12-25T03:46:54.613519600Z
28a8.22fc:    FileAttributes:  0x20
28a8.22fc:    Size:          0xab868
28a8.22fc:    NT Headers:    0xe8
28a8.22fc:    Timestamp:    0xc2cf900
28a8.22fc:    Machine:       0x8664 - amd64
28a8.22fc:    Timestamp:    0xc2cf900
28a8.22fc:    Image Version: 10.0
28a8.22fc:    SizeOfImage:    0xae000 (712704)
28a8.22fc:    Resource Dir: 0xac000 LB 0x520
28a8.22fc:    [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
28a8.22fc:    [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
28a8.22fc:    ProductName:    Microsoft® Windows® Operating System
28a8.22fc:    ProductVersion:  10.0.16299.15
28a8.22fc:    FileVersion:    10.0.16299.15 (WinBuild.160101.0800)
28a8.22fc:    FileDescription: Windows NT BASE API Client DLL
28a8.22fc: \SystemRoot\System32\KernelBase.dll:
28a8.22fc:    CreationTime: 2017-09-29T13:41:43.124345500Z
28a8.22fc:    LastWriteTime: 2017-09-29T13:41:43.124345500Z
28a8.22fc:    ChangeTime:    2017-12-25T03:46:54.707255600Z
28a8.22fc:    FileAttributes:  0x20
28a8.22fc:    Size:          0x266000
28a8.22fc:    NT Headers:    0xf0
28a8.22fc:    Timestamp:    0x4736733c
28a8.22fc:    Machine:       0x8664 - amd64
28a8.22fc:    Timestamp:    0x4736733c
28a8.22fc:    Image Version: 10.0
28a8.22fc:    SizeOfImage:    0x266000 (2514944)
28a8.22fc:    Resource Dir: 0x245000 LB 0x548
28a8.22fc:    [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
28a8.22fc:    [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
28a8.22fc:    ProductName:    Microsoft® Windows® Operating System
28a8.22fc:    ProductVersion:  10.0.16299.15
28a8.22fc:    FileVersion:    10.0.16299.15 (WinBuild.160101.0800)
28a8.22fc:    FileDescription: Windows NT BASE API Client DLL
28a8.22fc: \SystemRoot\System32\apisetschema.dll:
28a8.22fc:    CreationTime: 2017-09-29T13:42:07.095026600Z
28a8.22fc:    LastWriteTime: 2017-09-29T13:42:07.095026600Z
28a8.22fc:    ChangeTime:    2017-12-25T09:23:44.645739200Z
28a8.22fc:    FileAttributes:  0x20
28a8.22fc:    Size:          0x1b398
28a8.22fc:    NT Headers:    0xc8
28a8.22fc:    Timestamp:    0xf30abf31
28a8.22fc:    Machine:       0x8664 - amd64
28a8.22fc:    Timestamp:    0xf30abf31
28a8.22fc:    Image Version: 10.0
28a8.22fc:    SizeOfImage:    0x1c000 (114688)
28a8.22fc:    Resource Dir: 0x1b000 LB 0x408
28a8.22fc:    [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
28a8.22fc:    [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
28a8.22fc:    ProductName:    Microsoft® Windows® Operating System
28a8.22fc: