You can find Dr.Web Log Collector in the attachment, or you can download it directly from here.
When you first run the application, the GUI (Graphical User Interface) will be in Russian. You should change this to English; please see the red rectangle in the picture below.
What does this program do?
- There are some places (Dr.Web forums, bug tracker and technical support e-mails) where these logs can be requested from you in order to give you better feedback and better help.
- This program is a standalone executable, it doesn't require a setup. You just need to run it with a double click.
Which data does this program collect?
This tool collects the following files and registry hives:
- Dr.Web activity logs
Scanner log - %USERPROFILE%\DoctorWeb\drweb32w.log
Log of Dr.Web Updater which starts on demand - %USERPROFILE%\DoctorWeb\drwebupw.log
Log of Dr.Web Updater which starts from scheduler - %ProgramFiles%\drweb\drwebupw.log
SpIDer Gate log - %USERPROFILE%\DoctorWeb\spidergate.log
SpIDer Mail log - %USERPROFILE%\DoctorWeb\spiderml.log
SpIDer Guard NT log - %ProgramFiles%\drweb\spidernt.log
SpIDer Guard G3 log - %ProgramFiles%\drweb\spiderg3.log
- Configuration of Dr.Web
%ProgramFiles%\drweb\drweb32.ini
HKLM\Software\Doctor Web
HKLM\Software\IDAVLab
HKLM\system\CurrentControlSet\Services\DrWebEngine
HKLM\system\CurrentControlSet\Services\DwProt
HKLM\system\CurrentControlSet\Services\SpiderG3
HKLM\system\CurrentControlSet\Services\DrWEBAF
HKLM\system\CurrentControlSet\Services\DrWEBPF
Dr.Web Update task - %windir%\tasks\Dr.Web Update.job
- Installation log
%userprofile%\local settings\temp\drweb5-setup.log
%userprofile%\local settings\temp\drweb-setup.log
- CureIt log
file %USERPROFILE%\DoctorWeb\CureIt.log
- WinSock export
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2
- System information (nfo)
msinfo32.exe report, saved to info.nfo
- Critical parameters of OS
HKEY_CLASSES_ROOT\exefile
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
c:\windows\system32\drivers\etc\hosts
Windows Scheduler log - c:\windows\schedlgu.Txt
- Windows Event reports (System & Application).
- cmd:
dir /s /a "%AllUsersProfile%\Application Data\Doctor Web\Bases" "%CommonProgFiles%\Doctor Web\Scanning Engine" "%ProgramFiles%\DrWeb" %SystemRoot%\system32\drivers\dwprot.sys > DrWebdir.txt
Usage
- Please download the attachment to your desktop, or you can download it from the FTP servers. You can open this archive with the built-in Windows zip extractor, with 7zip, or with other freeware archive utilities.
- Double-click the drweblc executable.
- You will see the main application screen. You should choose what information you want to collect or what information was requested from you. Please see the picture below.
- After this, please click the Generate the report button. This will take a little time, depending on which options you selected. It is recommended to temporarily disable your other security applications, because these applications may block Log Collector. Windows Vista and Windows 7 users should launch this application as Administrator.
- After the report file is generated, you will see a screen telling you that your report file is on your desktop as an archive, named like DrwLog_%PCNAME%_%DATE%_%TIME%.zip. If you want to explore this file, you can open it with the built-in Windows zip extractor, or you can use 7zip or other free alternatives.
- When everything is complete, you just need to send this archive file to whoever requested it from you.
- If you find any bug or other problem, please continue in this thread.
Thanks to SergM for the English translation.
Thanks to the creator of this application (Ko6Ra).