11 Antworten zu diesem Thema

[drumut]

Hello,

You can find Dr.Web Log Collector from attachment or you can download it directly from here.

When you first run the application the GUI ( Graphical User Interface) would be in Russian. You should change this to English, please see red rectangle in picture below.

What this program does?

• There are some places (dr.web forums, bug tracker and technical support e-mails) these logs can be requested from you to give you better feedback and better help.
• This program is a standalone executable, it doesn't require a setup. You just need to run it with a double click.

Which data this program collect?

This tool collects the following files and registry hives:

• Logs of activity Dr.Web
  Scaner log - %USERPROFILE%\DoctorWeb\drweb32w.log
  Log of Dr.Web Updater which starts on demand - %USERPROFILE%\DoctorWeb\drwebupw.log
  Log of Dr.Web Updater which starts from scheduler - %ProgramFiles%\drweb\drwebupw.log
  SpIDer Gate log -%USERPROFILE%\DoctorWeb\ spidergate.log
  SpIDer Mail log - %USERPROFILE%\DoctorWeb\spiderml.log
  SpIDer Guard NT log - %ProgramFiles%\drweb\spidernt.log
  SpIDer Guard G3 log - %ProgramFiles%\drweb\spiderg3.log
  
• Configuration of Dr.Web
  %ProgramFiles%\drweb\drweb32.ini
  HKLM\Software\Doctor Web
  HKLM\Software\IDAVLab
  HKLM\system\CurrentControlSet\Services\DrWebEngine
  HKLM\system\CurrentControlSet\Services\DwProt
  HKLM\system\CurrentControlSet\Services\SpiderG3
  HKLM\system\CurrentControlSet\Services\DrWEBAF
  HKLM\system\CurrentControlSet\Services\DrWEBPF
  Dr.Web Update task - %windir%\tasks\Dr.Web Update.job
  
• Installation log
  %userprofile%\local settings\temp\drweb5-setup.log
  %userprofile%\local settings\temp\drweb-setup.log
  
• CureIt log
  file %USERPROFILE%\DoctorWeb\CureIt.log
  
• WinSock export
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2
  
• Sistem information (nfo)
  msinfo32.exe report, saved to info.nfo
  
• Critical parameters of OS
  HKEY_CLASSES_ROOT\exefile
  HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
  HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
  HKLM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
  c:\windows\system32\drivers\etc\hosts
  Windows Scheduler log - c:\windows\schedlgu.Txt
  
• Windows Event reports (System & Application).
  
• cmd:
  dir /s /a "%AllUsersProfile%\Application Data\Doctor Web\Bases" "%CommonProgFiles%\Doctor Web\Scanning Engine" "%ProgramFiles%\DrWeb" %SystemRoot%\system32\drivers\dwprot.sys > DrWebdir.txt

Then collected data stored in the archive with the name DrwLog_%PCNAME%_%DATE%_%TIME%.zip

Usage

• Please download attachment to your desktop or you can download it from ftp servers. You can open this archive with buildin windows zip extractor or with 7zip or other freeware archive utilities.
• Double click on drweblc executable.
• You will see main application screen. You should choose what information you want to collect or what information requested from you. Please see the picture below.
   drweblc.png   31,32K   75 Anzahl Downloads
• After this please click on Generate the report button. This will take a little time depends on which options you selected. It is recommend to temporarily disabling your other security applications because these applications may block Log Collector. And Windows Vista - Windows 7 users should launch this application as a Administrator.
• After generation of report file you will see a screen that will tell you, your report file is on your desktop as an archive. Which looks like DrwLog_%PCNAME%_%DATE%_%TIME%.zip . If you want to explore this file, you can open it with build in windows zip extractor or you can use 7zip or other free alternatives.
   drweblc.png   30,59K   76 Anzahl Downloads
• After all complete, you just need to send this archive file whom requested it from you.

Bugs

• If you find any bug or other problem, please continue at this thread.

Thanks MrBelyash for informing me existance of this application.
Thanks SergM for English translation.
Thanks the creator of this application (Ko6Ra) .

Angehängte Bilder

•  drweblc.zip   392,69K   81 Anzahl Downloads

[SergM]

Hi drumut
I have created an English translation of this utility.
Please inform me about spelling and syntactic errors in my translation

[drumut]

Hello SergM,

Thanks for English translation, good work. There may be a little bug.

Privacy policy link doesn't work.

[SergM]

Hello, drumut
Many thanks for remarks and amendments. The new version of translation is sent you in PM.
If it is correct, attach this file in this subject, if it is wrong we will work further.

Privacy policy link doesn't work.

It is an error of the developer. This link non-working and in the original version of the utility.

Report generation window is still in Russian.

Line in Russian is in the code of the program. I will not change an original code of the utility. It's remain in Russian. Sorry.

[SergM]

The new version of DrWebLC utility with improvements and corrections and with Russian and the English interface.
It is created by Service of technical support DrWeb.

Angehängte Bilder

•  DrWebLC.zip   388,82K   85 Anzahl Downloads

[sr]

The new version of DrWebLC utility with improvements and corrections and with Russian and the English interface.
It is created by Service of technical support DrWeb.

- error messages are not translated, I have no idea what it trying to tell me
- is possible to uncheck all, and another error is showed

[mrbelyash]

The new version of DrWebLC utility with improvements and corrections and with Russian and the English interface.
It is created by Service of technical support DrWeb.

- error messages are not translated, I have no idea what it trying to tell me
- is possible to uncheck all, and another error is showed

Pls.show screenshot with errors.

[sr]

The new version of DrWebLC utility with improvements and corrections and with Russian and the English interface.
It is created by Service of technical support DrWeb.

- error messages are not translated, I have no idea what it trying to tell me
- is possible to uncheck all, and another error is showed

Pls.show screenshot with errors.

 err1.png   16,71K   66 Anzahl Downloads
 err2.png   17,03K   62 Anzahl Downloads

[SergM]

The release ftp://ftp.drweb.com/pub/drweb/tools/drweblc.exe (771 kb)
The description (in Russian)
http://forum.drweb.com/index.php?showtopic=291918

Angehängte Bilder

•  DrWebLC.int.zip   392,7K   82 Anzahl Downloads

[drumut]

Thanks SergM, first post is updated.

[Ko6Ra]

This tool collects the following files and registry hives:

1) Logs of activity Dr.Web
Scaner log - %USERPROFILE%\DoctorWeb\drweb32w.log
Log of Dr.Web Updater which starts on demand - %USERPROFILE%\DoctorWeb\drwebupw.log
Log of Dr.Web Updater which starts from scheduler - %ProgramFiles%\drweb\drwebupw.log
SpIDer Gate log -%USERPROFILE%\DoctorWeb\ spidergate.log
SpIDer Mail log - %USERPROFILE%\DoctorWeb\spiderml.log
SpIDer Guard NT log - %ProgramFiles%\drweb\spidernt.log
SpIDer Guard G3 log - %ProgramFiles%\drweb\spiderg3.log

2) Configuration of Dr.Web
%ProgramFiles%\drweb\drweb32.ini
HKLM\Software\Doctor Web
HKLM\Software\IDAVLab
HKLM\system\CurrentControlSet\Services\DrWebEngine
HKLM\system\CurrentControlSet\Services\DwProt
HKLM\system\CurrentControlSet\Services\SpiderG3
HKLM\system\CurrentControlSet\Services\DrWEBAF
HKLM\system\CurrentControlSet\Services\DrWEBPF
Dr.Web Update task - %windir%\tasks\Dr.Web Update.job

3) Installation log
%userprofile%\local settings\temp\drweb5-setup.log
%userprofile%\local settings\temp\drweb-setup.log

4) CureIt log
file %USERPROFILE%\DoctorWeb\CureIt.log

5) WinSock export
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2

6) Sistem information (nfo)
msinfo32.exe report, saved to info.nfo

7) Critical parameters of OS
HKEY_CLASSES_ROOT\exefile
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
c:\windows\system32\drivers\etc\hosts
Windows Scheduler log - c:\windows\schedlgu.Txt

8) Windows Event reports (System & Application).

9) cmd:
dir /s /a "%AllUsersProfile%\Application Data\Doctor Web\Bases" "%CommonProgFiles%\Doctor Web\Scanning Engine" "%ProgramFiles%\DrWeb" %SystemRoot%\system32\drivers\dwprot.sys > DrWebdir.txt

Then collected data stored in the archive with the name DrwLog_%PCNAME%_%DATE%_%TIME%.zip

[drumut]

Thanks Ko6Ra, first post is updated.