The first thing to do is stop doing that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
When you concatenate strings, you build a new string that is sent as is direct to SQL - so when you send your special characters list like that it causes two problems:
1) It leaves you wide open to be destroying your DB.
2) it means SQL has to try to interpret your data as a "normal" text string - which it isn't, it's a Unicode string.
So, use a parameterised query, and both your problems will disappear!
insrt_statment2 = "INSERT INTO [Files] VALUES(@FILENAME, @LASTATIME @LASTWTIME, @DATA, GETDATE());";
command = new SqlCommand(insrt_statment2, connection);
command.Parameters.AddWithValue("@FILENAME", fileNames[0].FullName);
command.Parameters.AddWithValue("@LASTATIME", fileNames[0].LastAccessTime);
command.Parameters.AddWithValue("@LASTWTIME", fileNames[0].LastWriteTime);
command.Parameters.AddWithValue("@DATA", str_sign);
And as a bonus, it makes your code a lot more readable, too...
BTW: When inserting values, it is a very good idea to name all the columns you want to insert in teh INSERT query...