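; Posted by MasterX, November 6, 2008.
;
; This script checks all running processes for viruses. It uses _ProcessGetPath,
; made by mrRevoked (thanks to him for that). It reads the AntiVir directory from
; the registry, so AntiVir has to be installed. It lists all running processes and
; remembers the currently active window, because focus is lost when the AntiVir
; file walker opens. avscan.exe is run with some parameters on each process image.
; After 10 minutes it checks again. Have fun with this.
;
; Notes for anyone reusing it:
; - Only the executable file each process was started from is handed to the
;   scanner; nothing here examines process memory or loaded modules.
; - A process whose path cannot be resolved (_ProcessGetPath returns "") is
;   skipped silently, so it is never scanned. Presumably these are mostly
;   processes the current user may not open; confirm on the target system.

Global Const $AV_REG_KEY = "HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir PersonalEdition Classic"

; Installation directory of AntiVir, as recorded by its installer.
Global $av = RegRead($AV_REG_KEY, "Path")
If @error Or $av = "" Then
	; Without an install path the Run() below would resolve a bare "avscan.exe"
	; through the working directory and search path, so stop instead.
	ConsoleWriteError("AntiVir install path not found in the registry." & @CRLF)
	Exit 1
EndIf
If StringRight($av, 1) <> "\" Then $av &= "\"
If Not FileExists($av & "avscan.exe") Then
	ConsoleWriteError("avscan.exe not found in " & $av & @CRLF)
	Exit 1
EndIf

; The executable path is quoted: an unquoted path containing spaces is ambiguous
; when the command line is parsed and may start a different program.
Global $avscan = '"' & $av & 'avscan.exe" /GUIMODE=2'

; Returns the full path of the executable behind a running process.
;   $vProcess - process name or PID, as accepted by ProcessExists()
;   Success   - the path, @error = 0
;   Failure   - "" and @error set to:
;                 1 = process does not exist
;                 2 = Kernel32.dll could not be opened, or OpenProcess failed
;                 3 = Psapi.dll could not be opened
;                 4 = the GetModuleFileNameEx call failed
;                 5 = returned path is empty or unreadable
;               @extended carries the DllCall @error where one occurred.
Func _ProcessGetPath($vProcess)
	Local Const $iMaxChars = 1000
	Local $i_PID, $hKernel32, $hPsapi, $aProcessHandle, $tDLLStruct, $iError, $sProcessPath

	$i_PID = ProcessExists($vProcess)
	If Not $i_PID Then Return SetError(1, 0, "") ; process doesn't exist

	; DllOpen() signals failure by returning -1.
	$hKernel32 = DllOpen("Kernel32.dll")
	If $hKernel32 = -1 Then Return SetError(2, 0, "") ; dllopen kernel32.dll failed

	; 0x0400 = PROCESS_QUERY_INFORMATION, 0x0010 = PROCESS_VM_READ.
	; Handle-sized types are used so the handle is not truncated on 64-bit.
	$aProcessHandle = DllCall($hKernel32, "handle", "OpenProcess", "dword", 0x0400 + 0x0010, "bool", 0, "dword", $i_PID)
	$iError = @error
	If $iError Or $aProcessHandle[0] = 0 Then
		DllClose($hKernel32)
		Return SetError(2, $iError, "") ; openprocess failed
	EndIf

	$hPsapi = DllOpen("Psapi.dll")
	If $hPsapi = -1 Then
		; Release the process handle as well, otherwise it leaks on this path.
		DllCall($hKernel32, "bool", "CloseHandle", "handle", $aProcessHandle[0])
		DllClose($hKernel32)
		Return SetError(3, 0, "") ; dllopen psapi.dll failed
	EndIf

	; Wide-character variant, so paths outside the ANSI code page survive.
	; The size argument is a character count, not a byte count.
	$tDLLStruct = DllStructCreate("wchar[" & $iMaxChars & "]")
	DllCall($hPsapi, "dword", "GetModuleFileNameExW", "handle", $aProcessHandle[0], "handle", 0, "ptr", DllStructGetPtr($tDLLStruct), "dword", $iMaxChars)
	$iError = @error

	DllCall($hKernel32, "bool", "CloseHandle", "handle", $aProcessHandle[0])
	DllClose($hKernel32)
	DllClose($hPsapi)

	If $iError Then
		$tDLLStruct = 0
		Return SetError(4, $iError, "") ; getmodulefilenameex failed
	EndIf

	$sProcessPath = DllStructGetData($tDLLStruct, 1)
	$tDLLStruct = 0

	; format the output
	If StringLen($sProcessPath) < 2 Then Return SetError(5, 0, "") ; is empty or non readable
	If StringLeft($sProcessPath, 4) = "\??\" Then $sProcessPath = StringReplace($sProcessPath, "\??\", "")
	If StringLeft($sProcessPath, 20) = "\SystemRoot\System32" Then $sProcessPath = StringReplace($sProcessPath, "\SystemRoot\System32", @SystemDir)
	Return SetError(0, 0, $sProcessPath)
EndFunc   ;==>_ProcessGetPath

; Scan once at start-up, then again every 10 minutes.
While 1
	go()
	Sleep(600000) ; 10 min wait
WEnd

; Runs avscan.exe once for every distinct executable path among the running
; processes, restoring focus to the previously active window after each launch.
Func go()
	Local $aProcesses = ProcessList()
	Local $sSeen = "|" ; "|"-delimited list of paths already scanned in this pass
	Local $sPath, $hActive, $bHaveActive

	For $i = 1 To UBound($aProcesses) - 1
		$sPath = _ProcessGetPath($aProcesses[$i][1])
		If $sPath = "" Then ContinueLoop ; path could not be resolved, nothing to scan

		; Many processes share one image (e.g. several instances of the same
		; program); scan each file once per pass. "|" cannot occur in a Windows path.
		If StringInStr($sSeen, "|" & $sPath & "|") Then ContinueLoop
		$sSeen &= $sPath & "|"

		; Remember the focused window before the scanner is started. Asking for
		; the active window directly avoids using an unset variable when no
		; titled window is active.
		$hActive = WinGetHandle("[ACTIVE]")
		$bHaveActive = Not @error

		Run($avscan & ' /PATH="' & $sPath & '"', $av, @SW_HIDE)
		If @error Then ContinueLoop ; scanner could not be started for this file

		If $bHaveActive Then WinActivate($hActive)

		; Wait until no avscan.exe is left running before starting the next scan.
		While ProcessExists("avscan.exe")
			Sleep(100)
		WEnd
	Next
EndFunc   ;==>go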