The sysinfo is curious right from the start:
<Antivirus displayName="Dr.Web Security Space" instanceGuid="{1F0B3F76-4795-94AD-DF9E-2678C33ACA8F}" enabled="false" onAccessScanningEnabled="false" uptodate="true" productUptoDate="true" />
<Antivirus displayName="Dr.Web Security Space" instanceGuid="{0A56AC17-36B3-8320-3A3C-9B74469F0756}" enabled="true" onAccessScanningEnabled="true" uptodate="true" productUptoDate="true" />
What bothers me:
2020-Mar-30 19:53:45.401421 [ 5412] [INF] [arkdll] [5012]
id: 58001, timestamp: 19:52:29.830, type: PsInject (43), flags: 1 (wait: 1)
sid: S-1-5-20, cid: 8264/7432:\Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe
context: start addr: 0x7ff6bdeb65d0, image: 0x7ff6bdeb0000:\Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe
hips: type: 18, action: deny [5]
curdir: C:\WINDOWS\system32\, cmd: SppExtComObjPatcher.exe C:\WINDOWS\system32\SppExtComObj.exe -Embedding
fileinfo: size: 4096, easize: 40, attr: 0x20, buildtime: 12.01.2014 08:50:52.000, ctime: 30.03.2020 19:52:22.928, atime: 30.03.2020 19:52:22.931, mtime: 30.03.2020 19:52:22.861, descr: , ver: , company: , oname:
file sha1: 9162c4e04cfa48296a77ce2aa92c79f799e2a32d
file sha256: 68b536fb2a6a8c9a2b36e17ead46343d156020c75c559ed068483ecf5bc3f060
status: unsigned, pe64, new_pe / unsigned / unknown / unknown / unknown
inject: CreateThread [3], flags: 0x40, start addr: 0x7ffda898e4f0, addr: 0x0, param: 0x20603390000, len: 0, target: bitness: 64, init: 0, image: \Device\HarddiskVolume2\Windows\System32\SppExtComObj.Exe:5796
fileinfo: size: 578560, easize: 272, attr: 0x20, buildtime: 0, ctime: 12.03.2020 09:11:41.790, atime: 12.03.2020 09:11:41.846, mtime: 12.03.2020 09:11:41.846, descr: KMS Connection Broker, ver: 10.0.18362.719 (WinBuild.160101.0800), company: Microsoft Corporation, oname: SppExtComObj.exe
status: signed_microsoft / signed_microsoft / unknown / unknown / unknown
inject attrib: call kernel32.dll!LoadLibraryW
loaded image: \Device\HarddiskVolume2\WINDOWS\system32\SppExtComObjHook.dll
fileinfo: size: 16760, easize: 40, attr: 0x20, buildtime: 12.01.2014 08:50:53.000, ctime: 30.03.2020 19:52:23.000, atime: 30.03.2020 19:52:23.003, mtime: 30.03.2020 19:52:22.857, descr: , ver: , company: , oname:
signer: CN=WZTeam, timestamp: 18.09.2017 16:13:47.000, thumbprint: 648384a4dee53d4c1c87e10d67cc99307ccc9c98
file sha1: b4e9c27345437f2f1285a705eacaddb64422c88d
file sha256: 26ae72400087f417accedb8f68f1e7df88a7b0b5904a17ac6fcb1d54e9b29980
status: pe64, dll / root_not_trusted / unknown / unknown / unknown
threat: DPH:Trojan.Inject.3.64 ==> send user blocked alert
path: \Device\HarddiskVolume2\WINDOWS\system32\SppExtComObjHook.dll ==> denied access to file
path: \Device\HarddiskVolume2\WINDOWS\system32\SppExtComObjHook.dll ==> quarantined
disinfect: \Device\HarddiskVolume2\WINDOWS\system32\SppExtComObjHook.dll ==> quarantined [8]
analyze object behavior and find traces:
can't find traces for object: \Device\HarddiskVolume2\WINDOWS\system32\SppExtComObjHook.dll
threat: DPH:Trojan.Inject.3.64 ==> sended user virus found alert
path: \Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe ==> denied access to file
process: \Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe:8264 ==> suspended all threads in process
path: \Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe ==> quarantined
send driver event reply for unblock process ==> success
process: \Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe:8264 ==> terminated
disinfect: \Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe ==> quarantined [8]
analyze object behavior and find traces:
can't find traces for object: \Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe
threat: DPH:Trojan.Inject.3.64 ==> sended user virus found alert
process: \Device\HarddiskVolume2\Windows\System32\SppExtComObj.Exe:5796 ==> suspended all threads in process
process: \Device\HarddiskVolume2\Windows\System32\SppExtComObj.Exe:5796 ==> terminated
send user blocked alert
id: 58001 ==> denied [5], time: 75570.612900 ms
+ strange errors from the MessagingService_* service (it drops each time with a different suffix): "Устройство не готово" ("The device is not ready").
But that's just for the record.
As for the printer itself, we need a log with a more detailed gate logging level (as far as I remember, it's enabled with just a "Detailed log" checkbox or something like that).
Message was edited by Kirill Polubelov: 03 April 2020 - 13:48
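As an added example (not part of the post above and not Dr.Web's own tooling): a small Python parser that reads the arkdll PsInject event quoted in the post and summarises the injection chain the way a triager would read it (unsigned source process, signed Microsoft target, untrusted DLL loaded via LoadLibraryW). It assumes, from the quoted lines only, that the three `status:` entries come in source, target, loaded-image order and that their second `/`-separated field is the signature verdict.

```python
import re
# Constructed sample: the arkdll PsInject event quoted above, cut down to the lines
# this parser reads (raw string so the \Device\... paths survive). Assumed from
# those lines: 'status:' entries come in source, target, loaded-image order and
# their second '/'-separated field is the signature verdict.
SAMPLE = r"""
sid: S-1-5-20, cid: 8264/7432:\Device\HarddiskVolume2\Windows\System32\SppExtComObjPatcher.exe
status: unsigned, pe64, new_pe / unsigned / unknown / unknown / unknown
inject: CreateThread [3], flags: 0x40, start addr: 0x7ffda898e4f0, addr: 0x0, param: 0x20603390000, len: 0, target: bitness: 64, init: 0, image: \Device\HarddiskVolume2\Windows\System32\SppExtComObj.Exe:5796
status: signed_microsoft / signed_microsoft / unknown / unknown / unknown
inject attrib: call kernel32.dll!LoadLibraryW
loaded image: \Device\HarddiskVolume2\WINDOWS\system32\SppExtComObjHook.dll
signer: CN=WZTeam, timestamp: 18.09.2017 16:13:47.000, thumbprint: 648384a4dee53d4c1c87e10d67cc99307ccc9c98
status: pe64, dll / root_not_trusted / unknown / unknown / unknown
threat: DPH:Trojan.Inject.3.64 ==> send user blocked alert
"""

def parse_psinject(text):
    """Return the injection chain (who injected what into whom, and how) as a dict."""
    ev = {"statuses": []}
    for line in text.strip().splitlines():
        key, _, rest = line.partition(": ")
        if key == "sid":  # cid: <pid>/<tid>:<image> is the injecting process
            m = re.search(r"cid: (\d+)/\d+:(.+)$", rest)
            ev["source_pid"], ev["source"] = int(m.group(1)), m.group(2)
        elif key == "inject":  # method first, target image:<pid> at the end
            ev["method"] = rest.split(" [")[0]
            m = re.search(r"image: (.+):(\d+)$", rest)
            ev["target"], ev["target_pid"] = m.group(1), int(m.group(2))
        elif key == "inject attrib":
            ev["attrib"] = rest
        elif key == "loaded image":
            ev["loaded"] = rest
        elif key == "signer":
            ev["signer"] = rest.split(",")[0]
        elif key == "status":
            ev["statuses"].append(rest.split(" / ")[1].strip())
        elif key == "threat":
            ev["threat"] = rest.split(" ==>")[0]
    return ev

def triage(ev):
    """Defender's reading of the chain: unsigned or untrusted code entering a signed process."""
    src, tgt, dll = (ev["statuses"] + ["unknown"] * 3)[:3]
    findings = []
    if src != "signed_microsoft" and tgt == "signed_microsoft":
        findings.append(f"{src} {ev['source']} (pid {ev['source_pid']}) injected into signed Microsoft process {ev['target']} (pid {ev['target_pid']})")
    if "LoadLibraryW" in ev.get("attrib", "") and "loaded" in ev:
        findings.append(f"remote thread loads {ev['loaded']} (signer {ev.get('signer', 'none')}, verdict {dll})")
    return findings
```

Running `triage(parse_psinject(SAMPLE))` yields two findings: the unsigned SppExtComObjPatcher.exe injecting into the Microsoft-signed SppExtComObj.Exe, and the remote thread loading SppExtComObjHook.dll, whose signer chains to an untrusted root.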