  • 实战Registry和RegistryKey类,一个简单的可疑文件扫描程序

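    /// <summary>
    /// Runs the file scan and writes the results to listBox1: the directory the
    /// user chose (value FolderSelect under the program's own HKLM key) and, when
    /// checkBox2 is checked, the SYSTEM32 and SYSTEM folders below the Windows
    /// SystemRoot. The summary lines use the fields a (suspicious files),
    /// b (files scanned) and d (processes scanned); they are not reset here.
    /// </summary>
    private void Search()
    {
        try
        {
            this.listBox1.Items.Add("");
            this.listBox1.Items.Add("扫描指定的目录文件");

            // Read-only access is all a scan needs; asking for write access on
            // HKLM fails for non-administrators and used to abort the whole scan.
            string strdir = "";
            using (RegistryKey scan = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Honeydogchen\\.Dog\\Scan", false))
            {
                if (scan != null)
                {
                    strdir = Convert.ToString(scan.GetValue("FolderSelect", ""));
                }
            }

            if (this.checkBox2.Checked)
            {
                ScanSystemFolder("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "SYSTEM32");
                ScanSystemFolder("SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "SYSTEM");
            }

            if (strdir.Length == 0)
            {
                // No directory configured: say so instead of failing silently.
                this.listBox1.Items.Add(" 未设置扫描目录");
            }
            else
            {
                GetCommonFiles(strdir);
                this.textBox1.Text = strdir;
            }

            this.label1.Enabled = true;
            this.label4.Enabled = true;

            if (a == 0)
            {
                this.listBox1.Items.Add(" 恭喜恭喜,没有发现可疑文件");
            }
            else
            {
                this.listBox1.Items.Add(" 共发现" + a + "个可疑文件,请用专业反病毒软件查杀");
            }

            this.listBox1.Items.Add("");
            this.listBox1.Items.Add("扫描结束," + "共扫描了" + d + "个进程," + b + "个文件");
            this.listBox1.Items.Add("");
            this.listBox1.Items.Add("反病毒技术支持");
            this.listBox1.Items.Add(" Email:honeydogchen@163.com");
        }
        catch (Exception ex)
        {
            // Report rather than swallow: a scan that stopped early must not
            // look like a clean result.
            this.listBox1.Items.Add(" 扫描出错:" + ex.Message);
        }
        finally
        {
            // Restore the cursor even when the scan fails part-way.
            this.Cursor = System.Windows.Forms.Cursors.Default;
        }
    }

    /// <summary>
    /// Reads the SystemRoot value from the given HKLM key (read-only) and scans
    /// the named folder below it with GetSystemFiles. A missing key or value is
    /// skipped; any other failure is reported so the remaining scan continues.
    /// </summary>
    /// <param name="keyPath">Key below HKEY_LOCAL_MACHINE holding a SystemRoot value.</param>
    /// <param name="subFolder">Folder name appended to SystemRoot.</param>
    private void ScanSystemFolder(string keyPath, string subFolder)
    {
        string systemRoot = "";
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(keyPath, false))
        {
            if (key != null)
            {
                systemRoot = Convert.ToString(key.GetValue("SystemRoot", ""));
            }
        }
        if (systemRoot.Length == 0)
        {
            return;
        }

        try
        {
            GetSystemFiles(Path.Combine(systemRoot, subFolder));
        }
        catch (Exception ex)
        {
            this.listBox1.Items.Add(" 无法扫描" + subFolder + ":" + ex.Message);
        }
    }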
      
      private void GetCommonFiles(string strDir)
      { 
       string path = Application.StartupPath;
       Share.Ini ini = new Share.Ini(path+"
    \\Virus.dat");

       DirectoryInfo dir = new DirectoryInfo(strDir);

       int number = Convert.ToInt16(ini.IniReadValue("VirusList","Number"));
     
       FileInfo[] exefiles = dir.GetFiles("*.exe");

       foreach(FileInfo f in exefiles)
       { 
        this.textBox1.Text = f.FullName.ToString();
        this.textBox1.Refresh();

        for(int i=0;i<number;i++)
        {
         string name = Convert.ToString(ini.IniReadValue("VirusList","Name"+i));
         if(f.Name.ToLower().EndsWith(name))
         {
          this.listBox1.Items.Add(" 名称:"+f.Name.ToString());
          this.listBox1.Items.Add(" 路径:"+strDir+"
    \\"+f.Name.ToString());
          a++;
         }
        }
        b++;
       }

       if(this.checkBox3.Checked==true)
       {
        DirectoryInfo[] dir1List = dir.GetDirectories();
        for(int i = 0;i<dir1List.Length;i++)
        {
         GetCommonFiles(strDir+"
    \\"+dir1List[i].Name);
        }
       }

      }

      private void GetSystemFiles(string strDir)
      { 
       string path = Application.StartupPath;
       Share.Ini ini = new Share.Ini(path+"
    \\Virus.dat");

       DirectoryInfo dir = new DirectoryInfo(strDir);

       int number = Convert.ToInt16(ini.IniReadValue("VirusList","Number"));
     
       FileInfo[] exefiles = dir.GetFiles("*.exe");

       foreach(FileInfo f in exefiles)
       { 
        this.textBox1.Text = f.FullName.ToString();
        this.textBox1.Refresh();

        for(int i=0;i<number;i++)
        {
         string name = Convert.ToString(ini.IniReadValue("VirusList","Name"+i));
         if(f.Name.ToLower().EndsWith(name))
         {
          this.listBox1.Items.Add(" 名称:"+f.Name.ToString());
          this.listBox1.Items.Add(" 路径:"+strDir+"
    \\"+f.Name.ToString());
          a++;
         }
        }
        b++;
       }

      }

      private void CheckRegistry()
      {
       int h = 0;
       int i = 0;
       int j = 0;
       int k = 0;
       int l = 0;
       int n = 0;

       this.listBox1.Visible = true;

       try
       {
        this.listBox1.Items.Clear();
        this.listBox1.Items.Add("扫描注册表的启动项");
        RegistryKey hklm = Registry.LocalMachine;
        RegistryKey hkcu = Registry.CurrentUser;
        RegistryKey hkcr = Registry.ClassesRoot;

        RegistryKey run1 = hklm.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");     
        foreach(string sValName1 in run1.GetValueNames())
        {
         this.listBox1.Items.Add(" "+sValName1+":"+run1.GetValue(sValName1));
        }
        RegistryKey run2 = hkcu.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run");
        foreach(string sValName2 in run2.GetValueNames())
        {
         this.listBox1.Items.Add("  "+sValName2+":"+run2.GetValue(sValName2));
        }

        this.listBox1.Items.Add("");
        this.listBox1.Items.Add("扫描文件的关联状况");
        RegistryKey currentversion1 = hklm.OpenSubKey("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",true);
        RegistryKey winlogon = currentversion1.OpenSubKey("Winlogon",true);
        RegistryKey windowstoo = currentversion1.OpenSubKey("Windows",true);

        try
        {
         RegistryKey currentversion2 = hklm.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion",true);
         string systemdir = currentversion2.GetValue("SystemRoot").ToString();
         if(systemdir!="")
         {
          Share.Ini ini = new Share.Ini(systemdir+"
    \\System.ini");

          string explorer = Convert.ToString(ini.IniReadValue("boot","shell"));
          if(explorer!="explorer.exe"&&explorer!="Explorer.exe")
          {
           n++;
           this.listBox1.Items.Add(" Shell="+explorer+" 异常");
          }

          ini = new Share.Ini(systemdir+"\\Win.ini");
          string run = Convert.ToString(ini.IniReadValue("windows","run"));
          if(run!="")
          {
           n++;
           this.listBox1.Items.Add(" run="+run+" 异常");
          }
          string load = Convert.ToString(ini.IniReadValue("windows","load"));
          if(load!="")
          {
           n++;
           this.listBox1.Items.Add(" load="+load+" 异常");
          }
        
         }
        }
        catch(Exception)
        {
        }

        try
        {
         string explorer = winlogon.GetValue("Shell").ToString();
         if(explorer!="explorer.exe"&&explorer!="Explorer.exe")
         {
          n++;
          this.listBox1.Items.Add(" Shell="+explorer+" 异常");
         }
      
         string runtoo = windowstoo.GetValue("run").ToString();
         if(runtoo!="")
         {
          n++;
          this.listBox1.Items.Add(" run="+runtoo+" 异常");
         }
         string loadtoo = windowstoo.GetValue("load").ToString();
         if(loadtoo!="")
         {
          n++;
          this.listBox1.Items.Add(" load="+loadtoo+" 异常");
         }
        }
        catch(Exception)
        {
        }
       
        RegistryKey command1 = hkcr.OpenSubKey("txtfile\\shell\\open\\command",true);
        foreach(string txt in command1.GetValueNames())
        {
         string txt1 = command1.GetValue(txt).ToString();
         if(txt1!="NOTEPAD.EXE %1"&&txt1!="notepad.exe %1")
         {
          h++; 
          this.listBox1.Items.Add(" txt文件关联:"+txt1.ToString()+" 异常");
         }
        }
      
        RegistryKey command2 = hkcr.OpenSubKey("exefile\\shell\\open\\command",true);
        foreach(string exe in command2.GetValueNames())
        {
         string exe1 = command2.GetValue(exe).ToString();
         string exe10 = "\""+"%1"+"\""+" %*";
         if(exe1!=exe10)
         {
          i++;
          this.listBox1.Items.Add(" exe文件关联:"+exe1+" 异常");
         }
        }
      
        RegistryKey command3 = hkcr.OpenSubKey("regfile\\shell\\open\\command",true);
        foreach(string reg in command3.GetValueNames())
        {
         string reg1 = command3.GetValue(reg).ToString();
         string reg10 = "regedit.exe "+"\""+"%1"+"\"";
         if(reg1!=reg10)
         {
          j++;
          this.listBox1.Items.Add(" reg文件关联:"+reg1+" 异常");
         }
        }
      
        RegistryKey command4 = hkcr.OpenSubKey("comfile\\shell\\open\\command",true);
        foreach(string com in command4.GetValueNames())
        {
         string com1 = command4.GetValue(com).ToString();
         string com10 = "\""+"%1"+"\""+" %*";
         if(com1!=com10)
         {
          k++;
          this.listBox1.Items.Add(" com文件关联:"+com1+" 异常");
         }
        }
      
        RegistryKey command5 = hkcr.OpenSubKey("batfile\\shell\\open\\command",true);
        foreach(string bat in command5.GetValueNames())
        {
         string bat1 = command5.GetValue(bat).ToString();
         string bat10 = "\""+"%1"+"\""+" %*";
         if(bat1!=bat10)
         {
          l++;
          this.listBox1.Items.Add(" bat文件关联:"+bat1+" 异常");
         }
        }

       }
       catch(Exception)
       {
       }

       if(n==0)
        this.listBox1.Items.Add(" Explorer.exe、Win.ini、System.ini正常");
       if(h==0)
        this.listBox1.Items.Add(" txt文件关联正常"); 
       if(i==0)
        this.listBox1.Items.Add(" exe文件关联正常");
       if(j==0)
        this.listBox1.Items.Add(" reg文件关联正常"); 
       if(k==0)
        this.listBox1.Items.Add(" com文件关联正常");  
       if(l==0)
        this.listBox1.Items.Add(" bat文件关联正常");
      }
      
      private void CheckProcess()
      {
       try
       {
        this.listBox1.Items.Add("");
        this.listBox1.Items.Add("扫描当前的系统进程");
        Process[] procList = new System.Diagnostics.Process[50];
        procList = Process.GetProcesses();
        d = procList.GetLength(0);

        string path = Application.StartupPath;
        Share.Ini ini = new Share.Ini(path+"
    \\Virus.dat");

        int number = Convert.ToInt16(ini.IniReadValue("VirusList","Number"));
        
        for(int i = 0; i<procList.GetLength(0); i++)        
        {        
         string strProcName = procList[i].ProcessName+".exe";
         this.textBox1.Text = "ProcName:"+strProcName;
         this.textBox1.Refresh();
         Thread.Sleep(50);
         Activate();
         for(int j=0;j<number;j++)
         {
          string name = Convert.ToString(ini.IniReadValue("VirusList","Name"+j));
          if(strProcName.ToLower()==name)
          {
           this.listBox1.Items.Add(" 名称:"+strProcName);
           this.listBox1.Items.Add(" 路径:"+procList[i].MainModule.FileName);
           c++;
          }
         
         }
         
        }
       
       }
       catch(Exception)
       {
       }

       if(c==0)
       {
        this.listBox1.Items.Add(" 恭喜恭喜,没有发现可疑进程");
       }
       else
       {
        this.listBox1.Items.Add(" 共发现"+c+"个可疑进程,请用专业反病毒软件查杀");
       }

      }

  • 原文地址:https://www.cnblogs.com/nianshi/p/795062.html