
Dr.web Log Collector


11 replies in this topic

#1 drumut

drumut

    Member

  • Members
  • 325 posts

Posted 23 April 2010 - 22:41

Hello,

You can find Dr.Web Log Collector in the attachment or you can download it directly from here.

When you first run the application, the GUI (Graphical User Interface) will be in Russian. You should change this to English, please see the red rectangle in the picture below.

What does this program do?

  • There are some places (Dr.Web forums, bug tracker and technical support e-mails) where these logs can be requested from you, to give you better feedback and better help.
  • This program is a standalone executable, it doesn't require a setup. You just need to run it with a double click.

Which data does this program collect?

This tool collects the following files and registry hives:
  • Logs of activity Dr.Web
    Scanner log - %USERPROFILE%\DoctorWeb\drweb32w.log
    Log of Dr.Web Updater which starts on demand - %USERPROFILE%\DoctorWeb\drwebupw.log
    Log of Dr.Web Updater which starts from scheduler - %ProgramFiles%\drweb\drwebupw.log
    SpIDer Gate log - %USERPROFILE%\DoctorWeb\spidergate.log
    SpIDer Mail log - %USERPROFILE%\DoctorWeb\spiderml.log
    SpIDer Guard NT log - %ProgramFiles%\drweb\spidernt.log
    SpIDer Guard G3 log - %ProgramFiles%\drweb\spiderg3.log
  • Configuration of Dr.Web
    %ProgramFiles%\drweb\drweb32.ini
    HKLM\Software\Doctor Web
    HKLM\Software\IDAVLab
    HKLM\system\CurrentControlSet\Services\DrWebEngine
    HKLM\system\CurrentControlSet\Services\DwProt
    HKLM\system\CurrentControlSet\Services\SpiderG3
    HKLM\system\CurrentControlSet\Services\DrWEBAF
    HKLM\system\CurrentControlSet\Services\DrWEBPF
    Dr.Web Update task - %windir%\tasks\Dr.Web Update.job
  • Installation log
    %userprofile%\local settings\temp\drweb5-setup.log
    %userprofile%\local settings\temp\drweb-setup.log
  • CureIt log
    file %USERPROFILE%\DoctorWeb\CureIt.log
  • WinSock export
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2
  • System information (nfo)
    msinfo32.exe report, saved to info.nfo
  • Critical parameters of OS
    HKEY_CLASSES_ROOT\exefile
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKLM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
    c:\windows\system32\drivers\etc\hosts
    Windows Scheduler log - c:\windows\schedlgu.Txt
  • Windows Event reports (System & Application).
  • cmd:
    dir /s /a "%AllUsersProfile%\Application Data\Doctor Web\Bases" "%CommonProgFiles%\Doctor Web\Scanning Engine" "%ProgramFiles%\DrWeb" %SystemRoot%\system32\drivers\dwprot.sys > DrWebdir.txt
The collected data is then stored in an archive named DrwLog_%PCNAME%_%DATE%_%TIME%.zip

Usage
  • Please download the attachment to your desktop, or you can download it from the ftp servers. You can open this archive with the built-in Windows zip extractor, with 7zip, or with other freeware archive utilities.
  • Double click on the drweblc executable.
  • You will see the main application screen. You should choose what information you want to collect or what information was requested from you. Please see the picture below.
    Attached file  drweblc.png   31,32K   downloaded 75 times
  • After this, please click on the Generate the report button. This will take a little time, depending on which options you selected. It is recommended to temporarily disable your other security applications because these applications may block Log Collector. And Windows Vista - Windows 7 users should launch this application as an Administrator.
  • After the report file is generated, you will see a screen telling you that your report file is on your desktop as an archive, with a name like DrwLog_%PCNAME%_%DATE%_%TIME%.zip . If you want to explore this file, you can open it with the built-in Windows zip extractor, or you can use 7zip or other free alternatives.
    Attached file  drweblc.png   30,59K   downloaded 76 times
  • After all is complete, you just need to send this archive file to whoever requested it from you.
Bugs
  • If you find any bug or other problem, please continue at this thread.
Thanks MrBelyash for informing me of the existence of this application.
Thanks SergM for the English translation.
Thanks to the creator of this application (Ko6Ra).

Attached files:

  • Attached file  drweblc.zip   392,69K   downloaded 81 times

OS : Debian Sid , all i have all i need!
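
A read-only way to preview which of the listed files and registry keys exist on a machine before running the collector, as an added example that is not part of the original post or of the Dr.Web tool. The function name Get-CollectorPreview is hypothetical, and only a subset of the listed registry keys is checked, rewritten in PowerShell provider syntax (HKLM:, HKCU:).

```powershell
# Added example: read-only preview of which items from the post's list exist
# on this machine. Nothing is copied, changed or sent.
$files = @(   # file paths as listed in the post (cmd-style %VAR% syntax)
    '%USERPROFILE%\DoctorWeb\drweb32w.log'
    '%USERPROFILE%\DoctorWeb\drwebupw.log'
    '%ProgramFiles%\drweb\drwebupw.log'
    '%USERPROFILE%\DoctorWeb\spidergate.log'
    '%USERPROFILE%\DoctorWeb\spiderml.log'
    '%ProgramFiles%\drweb\spidernt.log'
    '%ProgramFiles%\drweb\spiderg3.log'
    '%ProgramFiles%\drweb\drweb32.ini'
    '%windir%\tasks\Dr.Web Update.job'
    '%USERPROFILE%\local settings\temp\drweb5-setup.log'
    '%USERPROFILE%\local settings\temp\drweb-setup.log'
    '%USERPROFILE%\DoctorWeb\CureIt.log'
    'c:\windows\system32\drivers\etc\hosts'
    'c:\windows\schedlgu.Txt'
)
# Subset of the registry keys from the post (assumption: provider syntax).
$keys = @(
    'HKLM:\Software\Doctor Web'
    'HKLM:\SYSTEM\CurrentControlSet\Services\DrWebEngine'
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-CollectorPreview {   # hypothetical name, not part of the tool
    foreach ($f in $files) {
        $path = [Environment]::ExpandEnvironmentVariables($f)
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Kind = 'File'; Item = $f; Present = [bool]$item
            Detail = if ($item) { '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTime } else { '' }
        }
    }
    foreach ($k in $keys) {
        $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Kind = 'Registry'; Item = $k; Present = [bool]$key
            Detail = if ($key) { '{0} values, {1} subkeys' -f $key.ValueCount, $key.SubKeyCount } else { '' }
        }
    }
}

Get-CollectorPreview | Format-Table -AutoSize
```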

#2 SergM

SergM

    Guru

  • Moderators
  • 9 387 posts

Posted 24 April 2010 - 07:03

Hi drumut
I have created an English translation of this utility.
Please inform me about spelling and syntactic errors in my translation.

#3 drumut

drumut

    Member

  • Members
  • 325 posts

Posted 24 April 2010 - 11:49

Hello SergM,

Thanks for English translation, good work. There may be a little bug.

Privacy policy link doesn't work.
OS : Debian Sid , all i have all i need!

#4 SergM

SergM

    Guru

  • Moderators
  • 9 387 posts

Posted 24 April 2010 - 16:55

Hello, drumut
Many thanks for the remarks and amendments. The new version of the translation has been sent to you by PM.
If it is correct, attach this file in this subject; if it is wrong, we will work further.

Privacy policy link doesn't work.

It is an error of the developer. This link is also non-working in the original version of the utility.

Report generation window is still in Russian.

The line in Russian is in the code of the program. I will not change the original code of the utility. It remains in Russian. Sorry.

#5 SergM

SergM

    Guru

  • Moderators
  • 9 387 posts

Posted 28 April 2010 - 17:44

The new version of the DrWebLC utility, with improvements and corrections and with Russian and English interfaces.
It was created by the technical support service of DrWeb.

Attached files:

  • Attached file  DrWebLC.zip   388,82K   downloaded 85 times


#6 sr

sr

    Newbie

  • Posters
  • 28 posts

Posted 29 April 2010 - 21:58

The new version of the DrWebLC utility, with improvements and corrections and with Russian and English interfaces.
It was created by the technical support service of DrWeb.


- error messages are not translated, I have no idea what it is trying to tell me
- it is possible to uncheck all, and another error is shown
ESET NOD32 Antivirus

#7 mrbelyash

mrbelyash

    Беляш

  • Members
  • 25 897 posts

Posted 30 April 2010 - 15:41

The new version of the DrWebLC utility, with improvements and corrections and with Russian and English interfaces.
It was created by the technical support service of DrWeb.


- error messages are not translated, I have no idea what it is trying to tell me
- it is possible to uncheck all, and another error is shown

Pls. show screenshot with errors. :)
wiki https://drw.sh/endjcv | Utilities https://drw.sh/dgweku | Remote cure https://drw.sh/wmzdcl | Hidden processes https://drw.sh/tmulje | Logs https://drw.sh/ruy | Sandbox https://drw.sh/exhbro

#8 sr

sr

    Newbie

  • Posters
  • 28 posts

Posted 30 April 2010 - 18:45

The new version of the DrWebLC utility, with improvements and corrections and with Russian and English interfaces.
It was created by the technical support service of DrWeb.


- error messages are not translated, I have no idea what it is trying to tell me
- it is possible to uncheck all, and another error is shown

Pls. show screenshot with errors. :)


Attached file  err1.png   16,71K   downloaded 66 times
Attached file  err2.png   17,03K   downloaded 62 times
ESET NOD32 Antivirus

#9 SergM

SergM

    Guru

  • Moderators
  • 9 387 posts

Posted 05 May 2010 - 17:55

The release ftp://ftp.drweb.com/pub/drweb/tools/drweblc.exe (771 kb)
The description (in Russian)
http://forum.drweb.com/index.php?showtopic=291918




#10 drumut

drumut

    Member

  • Members
  • 325 posts

Posted 05 May 2010 - 18:47

Thanks SergM, first post is updated. ;)
OS : Debian Sid , all i have all i need!

#11 Ko6Ra

Ko6Ra

    Supporter

  • Posters
  • 3 308 posts

Posted 06 May 2010 - 07:15

This tool collects the following files and registry hives:

1) Logs of activity Dr.Web
Scanner log - %USERPROFILE%\DoctorWeb\drweb32w.log
Log of Dr.Web Updater which starts on demand - %USERPROFILE%\DoctorWeb\drwebupw.log
Log of Dr.Web Updater which starts from scheduler - %ProgramFiles%\drweb\drwebupw.log
SpIDer Gate log - %USERPROFILE%\DoctorWeb\spidergate.log
SpIDer Mail log - %USERPROFILE%\DoctorWeb\spiderml.log
SpIDer Guard NT log - %ProgramFiles%\drweb\spidernt.log
SpIDer Guard G3 log - %ProgramFiles%\drweb\spiderg3.log

2) Configuration of Dr.Web
%ProgramFiles%\drweb\drweb32.ini
HKLM\Software\Doctor Web
HKLM\Software\IDAVLab
HKLM\system\CurrentControlSet\Services\DrWebEngine
HKLM\system\CurrentControlSet\Services\DwProt
HKLM\system\CurrentControlSet\Services\SpiderG3
HKLM\system\CurrentControlSet\Services\DrWEBAF
HKLM\system\CurrentControlSet\Services\DrWEBPF
Dr.Web Update task - %windir%\tasks\Dr.Web Update.job

3) Installation log
%userprofile%\local settings\temp\drweb5-setup.log
%userprofile%\local settings\temp\drweb-setup.log

4) CureIt log
file %USERPROFILE%\DoctorWeb\CureIt.log

5) WinSock export
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2

6) System information (nfo)
msinfo32.exe report, saved to info.nfo

7) Critical parameters of OS
HKEY_CLASSES_ROOT\exefile
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
c:\windows\system32\drivers\etc\hosts
Windows Scheduler log - c:\windows\schedlgu.Txt

8) Windows Event reports (System & Application).

9) cmd:
dir /s /a "%AllUsersProfile%\Application Data\Doctor Web\Bases" "%CommonProgFiles%\Doctor Web\Scanning Engine" "%ProgramFiles%\DrWeb" %SystemRoot%\system32\drivers\dwprot.sys > DrWebdir.txt

The collected data is then stored in an archive named DrwLog_%PCNAME%_%DATE%_%TIME%.zip

ыЫ


#12 drumut

drumut

    Member

  • Members
  • 325 posts

Posted 06 May 2010 - 12:35

Thanks Ko6Ra, first post is updated. ;)
OS : Debian Sid , all i have all i need!

