2Shirt/WizardKit
2Shirt/WizardKit
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases 26 Packages Wiki Activity Actions
WizardKit/.bin/Scripts/diagnostics.ps1
Alan Mason c6e58088af 2016-06: Retroactive initial commit
2017-11-17 00:50:27 -07:00

328 lines
12 KiB
PowerShell
Raw Blame History

# WK-Checklist
## Init ##
$wd = $(Split-Path $MyInvocation.MyCommand.Path)
pushd "$wd"
. .\init.ps1
clear
$host.UI.RawUI.WindowTitle = "WK Diagnostics Tool"
$backup_path = "$WKPath\Backups\$username\$date"
$logpath = "$WKPath\Info\$date"
md "$backup_path" 2>&1 | out-null
md "$logpath" 2>&1 | out-null
$log = "$logpath\Diagnostics.log"
$bin = (Get-Item $wd).Parent.FullName
$diag_dest = "/srv/Diagnostics"
$diag_server = "10.0.0.10"
$diag_user = "wkdiag"
# OS Check
. .\os_check.ps1
# Set Service Order
while ($service_order -notmatch '^\d+') {
$service_order = read-host "Please enter the service order number"
if ($service_order -notmatch '^\d+') {
write-host "ERROR: Invalid SO`r`n" -foreground "red"
}
}
clear
out-file -filepath "$logpath\TicketNumber" -inputobject $service_order -append
wk-write "Starting SW diagnostics for Ticket #$service_order" "$log"
wk-write "" "$log"
## Sanitize Environment ##
# ProcessKiller
#!! DISABLED UNTIL FURTHER TESTING IS DONE !!#
# adapted from TronScript (reddit.com/r/TronScript) and credit to /u/cuddlychops06
#wk-write "* Stopping all processes" "$log"
#taskkill.exe /F /FI "USERNAME eq Demo" /FI "IMAGENAME ne ClassicShellService.exe" /FI "IMAGENAME ne explorer.exe" /FI "IMAGENAME ne dwm.exe" /FI "IMAGENAME ne cmd.exe" /FI "IMAGENAME ne Taskmgr.exe" /FI "IMAGENAME ne MsMpEng.exe" /FI "IMAGENAME ne powershell.exe" /FI "IMAGENAME ne rkill.exe" /FI "IMAGENAME ne rkill64.exe" /FI "IMAGENAME ne rkill.com" /FI "IMAGENAME ne rkill64.com" /FI "IMAGENAME ne conhost.exe" /FI "IMAGENAME ne dashost.exe" /FI "IMAGENAME ne vmtoolsd.exe" /FI "IMAGENAME ne conhost.exe" 2>&1 | out-null
# RKill
wk-write "* Running RKill" "$log"
start -wait "$bin\RKill\RKill.exe" -argumentlist @("-l", "$logpath\rkill.log")
if (!(ask "Did RKill run correctly?" "$log")) {
start -wait "$bin\RKill\explorer.exe" -argumentlist @("-l", "$logpath\rkill.log")
if (!(ask "Did RKill run correctly?" "$log")) {
wk-warn "Since RKill has failed to run, please try an alternative version." "$log"
wk-warn "Opening RKill folder..." "$log"
wk-write "" "$log"
sleep -s 2
ii "$bin\RKill\"
pause
}
}
# TDSSKiller Rootkit scan
wk-write "* Running Rootkit scan" "$log"
if (test-path "$WKPath\Tools\.bin\TDSSKiller.exe") {
md "$WKPath\Quarantine\TDSSKiller" 2>&1 | out-null
start -wait "$WKPath\Tools\.bin\TDSSKiller.exe" -argumentlist @("-l", "$logpath\TDSSKiller.log", "-qpath", "$WKPath\Quarantine\TDSSKiller", "-accepteula", "-accepteulaksn", "-dcexact", "-tdlfs")
} else {
wk-error " TDSSKiller.exe missing. Please verify Wizard-Kit was copied correctly."
}
## Network Check ##
wk-write "* Testing Internet Connection" "$log"
if (!(test-connection "google.com" -count 2 -quiet)) {
wk-warn "System appears offline. Please connect to the internet." "$log"
pause
if (!(test-connection "google.com" -count 2 -quiet)) {
wk-error "System still appears offline; aborting script." "$log"
exit 1
}
}
## Misc Configuration ##
# Export current power plans
$pow_backup_path = "$WKPath\Backups\$date\Power Plans"
md "$pow_backup_path" > $null 2>&1 | out-null
foreach ($plan in (powercfg /L)) {
if ($plan -imatch '^Power Scheme.*') {
$guid = $plan -replace 'Power Scheme GUID:\s+([0-9a-f\-]+).*', '$1'
$name = $plan -replace 'Power Scheme GUID:\s+[0-9a-f\-]+\s+\(([^\)]+)\).*', '$1'
$set = ($plan -imatch '.*\*$')
if (!(test-path "$pow_backup_path\$name.pow")) {
powercfg /export "$pow_backup_path\$name.pow" $guid
}
}
}
# Change Power Plan
wk-write "* Changing power plan to 'High Performance'" "$log"
start "powercfg.exe" -argumentlist @("-restoredefaultschemes") -nonewwindow -redirectstandardoutput out-null
start -wait "powercfg" -argumentlist @("-setactive", "8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c") -nonewwindow -redirectstandardoutput out-null
## Begin Diagnostics ##
# Infection Scan
wk-write "* Starting background infection scan" "$log"
if ($arch -eq 64) {
$prog = "$bin\HitmanPro\HitmanPro64.exe"
} else {
$prog = "$bin\HitmanPro\HitmanPro.exe"
}
start $prog -argumentlist @("/quiet", "/noinstall", "/noupload", "/log=$logpath\hitman.xml") -workingdirectory "$bin\HitmanPro"
# Backup Registry
if (!(test-path "$logpath\Registry")) {
wk-write "* Backing up registry" "$log"
start -wait "$bin\Erunt\ERUNT.EXE" -argumentlist @("$logpath\Registry", "sysreg", "curuser", "otherusers", "/noprogresswindow") -workingdirectory "$bin\Erunt"
}
# Backup Browsers
if (test-path "$localappdata\Google\Chrome") {
wk-write "* Backing up Google Chrome" "$log"
pushd "$localappdata\Google\Chrome"
$sz_args = @(
"a", "-t7z", "-mx=1",
"$backup_path\Chrome.7z",
'"User Data"')
start "$bin\7-Zip\7z.exe" -argumentlist $sz_args -wait -windowstyle minimized
popd
}
if (test-path "$appdata\Mozilla\Firefox") {
wk-write "* Backing up Mozilla Firefox" "$log"
pushd "$appdata\Mozilla\Firefox"
$sz_args = @(
"a", "-t7z", "-mx=1",
"$backup_path\Firefox.7z",
"Profiles",
"profiles.ini")
start "$bin\7-Zip\7z.exe" -argumentlist $sz_args -wait -windowstyle minimized
popd
}
if (test-path "$userprofile\Favorites") {
wk-write "* Backing up Internet Explorer" "$log"
pushd "$userprofile"
$sz_args = @(
"a", "-t7z", "-mx=1",
"$backup_path\IE Favorites.7z",
"Favorites")
start "$bin\7-Zip\7z.exe" -argumentlist $sz_args -wait -windowstyle minimized
popd
}
# Remove temporary files
if (!(test-path "$logpath\bleachbit.log")) {
wk-write "* Removing temporary files" "$log"
start -wait "$bin\BleachBit\bleachbit_console.exe" -argumentlist @("-c", "--preset") -nonewwindow -workingdirectory "$bin\BleachBit" -redirectstandarderror "$logpath\bleachbit.err" -redirectstandardoutput "$logpath\bleachbit.log"
}
# Autoruns
if (!(test-path "$logpath\autoruns.arn")) {
wk-write "* Starting background autoruns scan" "$log"
md "HKCU:\Software\Sysinternals" 2>&1 | out-null
md "HKCU:\Software\Sysinternals\AutoRuns" 2>&1 | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns" -name "checkvirustotal" -value 1 -type "DWord" | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns" -name "EulaAccepted" -value 1 -type "DWord" | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns" -name "shownomicrosoft" -value 1 -type "DWord" | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns" -name "shownowindows" -value 1 -type "DWord" | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns" -name "showonlyvirustotal" -value 1 -type "DWord" | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns" -name "submitvirustotal" -value 0 -type "DWord" | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns" -name "verifysignatures" -value 1 -type "DWord" | out-null
md "HKCU:\Software\Sysinternals\AutoRuns\SigCheck" 2>&1 | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns\SigCheck" -name "EulaAccepted" -value 1 -type "DWord" | out-null
md "HKCU:\Software\Sysinternals\AutoRuns\Streams" 2>&1 | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns\Streams" -name "EulaAccepted" -value 1 -type "DWord" | out-null
md "HKCU:\Software\Sysinternals\AutoRuns\VirusTotal" 2>&1 | out-null
sp -path "HKCU:\Software\Sysinternals\AutoRuns\VirusTotal" -name "VirusTotalTermsAccepted" -value 1 -type "DWord" | out-null
start "$bin\SysinternalsSuite\autoruns.exe" -workingdirectory "$bin\SysinternalsSuite" -windowstyle "minimized"
}
# AIDA64
if (!(test-path "$logpath\aida-keys.txt")) {
wk-write "* Running AIDA64 (Product Keys)" "$log"
start -wait "$bin\AIDA64\aida64.exe" -argumentlist @("/R", "$logpath\aida-keys.txt", "/CUSTOM", "$bin\AIDA64\licenses.rpf", "/TEXT", "/SILENT", "/SAFEST") -workingdirectory "$bin\AIDA64"
}
if (!(test-path "$logpath\aida-installed_programs.txt")) {
wk-write "* Running AIDA64 (SW listing)" "$log"
start -wait "$bin\AIDA64\aida64.exe" -argumentlist @("/R", "$logpath\aida-installed_programs.txt", "/CUSTOM", "$bin\AIDA64\installed_programs.rpf", "/TEXT", "/SILENT", "/SAFEST") -workingdirectory "$bin\AIDA64"
}
if (!(test-path "$logpath\aida64.htm")) {
wk-write "* Running AIDA64 (Full listing) in background" "$log"
start "$bin\AIDA64\aida64.exe" -argumentlist @("/R", "$logpath\aida64.html", "/CUSTOM", "$bin\AIDA64\full.rpf", "/HTML", "/SILENT") -workingdirectory "$bin\AIDA64"
}
# Product Keys
## Extract
md "$bin\ProduKey" 2>&1 | out-null
$sz_args = @(
"x",
('"{0}\ProduKey.7z"' -f $bin),
('-o"{0}\ProduKey"' -f $bin),
"-aos",
"-pAbracadabra")
start "$bin\7-Zip\7z.exe" -argumentlist $sz_args -wait -windowstyle minimized
sleep -s 1
## Run
if (!(test-path "$logpath\keys.txt")) {
wk-write "* Saving Product Keys" "$log"
ri "$bin\ProduKey\*.cfg"
if ($arch -eq 64) {
$prog = "$bin\ProduKey\ProduKey64.exe"
} else {
$prog = "$bin\ProduKey\ProduKey.exe"
}
start -wait $prog -argumentlist @("/nosavereg", "/stext", "$logpath\keys.txt") -workingdirectory "$bin\ProduKey"
}
## Summary ##
wk-write "" "$log"
# Removed temp file size
wk-write "==== Temp Files ====" "$log"
$bb = (gc "$logpath\bleachbit.log") -imatch '(disk space recovered|files deleted)'
foreach ($_ in $bb) {
$_ = " " + $_
wk-write $_ "$log"
}
wk-write "" "$log"
# Free Space
wk-write "==== Free Space ====" "$log"
& "$wd\free_space.ps1" "$log"
wk-write "" "$log"
# RAM
wk-write "==== RAM ====" "$log"
& "$wd\installed_ram.ps1" "$log"
wk-write "" "$log"
# List installed Office programs
wk-write "==== Installed Office Programs ====" "$log"
$installed_office = (gc "$logpath\aida-installed_programs.txt") -imatch 'Office' | sort
foreach ($_ in $installed_office) {
$_ = $_ -ireplace '^\s+(.*?)\s\s+.*', '$1'
wk-write " $_" "$log"
}
wk-write "" "$log"
# Saved keys
wk-write "==== Found Product Keys ====" "$log"
$keys = (gc "$logpath\keys.txt") -imatch '(product.name)'
foreach ($_ in $keys) {
$_ = $_ -ireplace '^product name\s+: ', ' '
wk-write $_ "$log"
}
wk-write "" "$log"
# OS Info
wk-write "==== Operating System ====" "$log"
if ($arch -eq 32) {
wk-error " $os_name x$arch" "$log"
} elseif ($win_info.CurrentVersion -match "6.0") {
if ($win_info.CurrentBuildNumber -match "6002") {
wk-warn " $os_name x$arch" "$log"
} elseif ($win_info.CurrentBuildNumber -match "6001") {
wk-error " $os_name x$arch (very out of date)" "$log"
} elseif ($win_info.CurrentBuildNumber -match "6000") {
wk-error " $os_name x$arch (very out of date)" "$log"
}
} elseif ($win_info.CurrentVersion -match "6.2") {
wk-error " $os_name x$arch (very out of date)" "$log"
} elseif ($win_info.CurrentBuildNumber -match "10240") {
wk-error " $os_name x$arch (Release 1511 not installed)" "$log"
} else {
wk-write " $os_name x$arch" "$log"
}
if ($win_act -notmatch "permanent") {
wk-error "$win_act" "$log"
} else {
wk-write "$win_act" "$log"
}
wk-write "" "$log"
# Updates Check
# TODO: Finish and test this
#wk-write "==== Windows Updates ====" "$log"
#import-module "$WKPath\Tools\.bin\Scripts\PSWindowsUpdate"
# Check last install date
#get-wuhistory | sort-object date -descending | select-object -first 1
# Check if installs CS
# TODO
# Return avail updates
#get-wulist
#wk-write "" "$log"
# Battery Check
wk-write "==== Battery Check ====" "$log"
& "$wd\check_battery.ps1" "$log"
wk-write "" "$log"
# User Data
wk-write "==== User Data ====" "$log"
& "$wd\user_data.ps1" "$log"
wk-write "" "$log"
# Upload info
write-host "Uploading info to NAS..."
## Write batch
$batch = "lcd `"{0}`"`r`n" -f $WKPath
$batch += "cd `"{0}`"`r`n" -f $diag_dest
$batch += "put -r Info `"{0}`"`r`n" -f $service_order
out-file -encoding "ASCII" -filepath "$wd\psftp_batch" -inputobject $batch
## Upload files
$psftp_args = @(
"-noagent",
"-i", "$bin\PuTTY\Wizard-Kit.ppk",
"$diag_user@$diag_server",
"-b", "$wd\psftp_batch")
start "$bin\PuTTY\PSFTP.exe" -argumentlist $psftp_args -wait -windowstyle minimized
## Done ##
popd
pause "Press Enter to exit..."
# Open log
$notepad2 = "$bin\Notepad2\Notepad2-Mod.exe"
if (test-path $notepad2) {
start "$notepad2" -argumentlist $log
} else {
start "notepad" -argumentlist $log
}
Reference in a new issue View git blame Copy permalink