diff --git a/malware4.pl b/malware4.pl
index 02a3c94..cc2927b 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -309,11 +309,25 @@ my @regexen = (
     qr/<\?php\s+if\/\*.+?\*\/\(isset\(\$\_REQUEST\[\'.+?\'\]\)\)\/\*.+?\*\/\{\$\w\/\*.+?\*\/\=\"as\"\.\"se\"\.\"rt\"\;\/\*.+?\*\/\$\w\=\$\w\/\*.+?\*\/\(\/\*.+?\*\/\$\_REQUEST\[\'.+?\'\]\)\/\*.+?\*\/\;exit\;\}\?>/is,
     qr/<\?php\s+\/\*.+?\*\/if\/\*.+?\*\/\(isset\(\$\_REQUEST\[\'.+?\'\]\)\)\/\*.+?\*\/\{\/\*.+?\*\/eval\(\/\*.+?\*\/\$\_REQUEST\[\'.+?\'\]\)\;\/\*.+?\*\/exit\;\}\?>/is,
     qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'.+?\'\]\)\)\/\*.+?\*\/\{eval\(\/\*.+?\*\/\$\_REQUEST\[\'.+?\'\]\)\;exit\;\}\?>/is,
-    qr/<\?php\s+\/\/00023f\s+if\s+\(\!extension\_loaded\(\'IonCube\_loader\'\)\).+?return\s+0\;\s+\?>.+?\Z/is,
+    qr/<\?php\s+\/\/000\w+\s+if\s+\(\!extension\_loaded\(\'IonCube\_loader\'\)\).+?return\s+0\;\s+\?>.+?\Z/is,
     qr/<html><body>.+?<\?php\s+error\_reporting\s+\(0\)\;.+?\&mode\=upload\'\s+method\s+\=\s+\'POST\'.+?clearstatcache\s+\(\)\;.+?echo\s+\"<\/table><br>\"\;/is,
     qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'xftest\'\]\)\)die\(pi\(\)\*6\)\;\$\{.+?\=\@unserialize\(decode\(get\_params\(\$\{\$\{\"GLO.+?\]\}\;\}\s+\?>/is,
     qr/<\?php\s+if\s+\(\!defined\(\'ALREADY\_RUN\_.+?define\(\'ALREADY\_RUN\_.+?\$([A-z0-9]{1,20})\s+\=\s+Array\(.+?eval\/\*([A-z0-9]{1,20})\*\/\(([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\)\;\s+\}/is,
+    qr/<\?php\s+\/\*.+?\*\/if\(isset\(\$\_REQUEST\[\'.+?\'\]\)\)\{\/\*.+?\*\/eval\(\/\*.+?\*\/\$\_REQUEST\[\'.+?\'\]\)\;\/\*.+?\*\/exit\;\/\*.+?\*\/\}\?>/is,
+    qr/<\?php\s+if\s+\(isset\(\$\{\"\_REQUEST\"\}\[\'.+?\'\]\)\)\{\$\w\=\"assert\"\;\$\w\(\$\{\"\_REQUEST\"\}\[\'.+?\'\]\)\;exit\;\}/is,
+    qr/<\?php\s+\/\*.+?\*\/if\(isset\(\$\_COOKIE\[\".+?\"\]\)\)\/\*.+?\*\/\{\$\_COOKIE\[\".+?\"\]\(\$\_COOKIE\[\".+?\"\]\)\;exit\;\}/is,
+    qr/<\?php\s+\/\/header\(\'Content\-Type\:text\/html\;\s+charset\=utf\-8\'\)\;.+?\$([A-z0-9]{1,20})\_\_\_\=urldecode\(.+?\)\;if\(\!function\_exists\(\'str\_ireplace\'\)\)\{function\s+str\_ireplace\(\$from\,\$to\,\$string\)\{return\s+trim\(preg\_replace\(\"\/\"\.addcslashes\(\$from.+?exit\(\)\;\}\}.+?\?>/is,
+    qr/<\?php\s+if\/\*.+?\*\/\(isset\(\$\_REQUEST\[\'.+?\'\]\)\)\/\*.+?\*\/\{\/\*.+?\*\/eval\(\/\*.+?\*\/\$\_REQUEST\[\'.+?\'\]\)\;exit\;\}\?>/is,
+    qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'.+?\'\]\)\)\/\*.+?\*\/\{\$\w\=\"as\"\.\"se\"\.\"rt\"\;\/\*.+?\*\/\$\w\=\$\w\(\/\*.+?\*\/\$\_REQUEST\[\'.+?\'\]\)\;exit\;\}\?>/is,
+    qr/<\?php\s+\/\*.+?\*\/if\/\*.+?\*\/\(isset\(\$\{\"\_R\"\.\"EQ\"\.\"UE\"\.\"ST\"\}\[\'.+?\'\]\)\)\/\*.+?\*\/\{\$\w\=\/\*.+?\*\/\"pre\"\.\"g\_r\"\.\"epl\"\.\"ace\"\;\/\*.+?\*\/\$\w\(\'\/\/e\'\,\$\{\"\_R\"\.\"EQ\"\.\"UE\"\.\"ST\"\}\[\'.+?\'\]\,\'\'\)\;\/\*.+?\*\/exit\;\}/is,
+    qr/<\?php\s+if\(isset\(\$\_COOKIE\[\".+?\"\]\)\)\/\*.+?\*\/\{\$\_COOKIE\[\".+?\"\]\(\$\_COOKIE\[\".+?\"\]\)\;\/\*.+?\*\/exit\;\/\*.+?\*\/\}\/\*.+?\*\//is,
+    qr/<\?php\s+set\_time\_limit\(0\)\;.+?<H1><center>config\s+root\s+man<\/center><\/H1>.+?return\s+\$info\;\s+\}\s+\?>/is,
+    qr/<\?php\s+\/\*.+?\*\/if\/\*.+?\*\/\(isset\(\$\{\"\_REQ\"\.\"UEST\"\}\[\'.+?\'\]\)\)\{\/\*.+?\*\/\$\w\/\*.+?\*\/\=\/\*.+?\*\/\"preg\_replace\"\;\$\w\(\'\/\/e\'\,\$\{\"\_REQ\"\.\"UEST\"\}\[\'.+?\'\]\,\'\'\)\;\/\*.+?\*\/exit\;\/\*.+?\*\/\}/is,
+    qr/<\?php\s+echo\s+\'([A-z0-9]{1,20})\'\;\s+preg\_replace\(\"\\x.+?\\x3B\"\,\"\\x2E\"\)\;\s+\?>/is,
+    qr/<\?php\s+if\s+\(\!defined\(\'ALREADY\_RUN\_.+?define\(\'ALREADY\_RUN\_.+?\$([A-z0-9]{1,20})\s+\=\s+Array\(.+?eval\/\*([A-z0-9]{1,20})\*\/\(([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\)\;\s+\}.+?\Z/is,
+    qr/<\?php\s+\/\/\#\#\#\=\=\=\=\#\#\#\s+\@error\_reporting\(E\_ALL\)\;.+?\@assert\_options\(ASSERT\_QUIET\_EVAL\,\s+1\)\;.+?\)\)\;\'\)\;\s+\$strings\(\$light\)\;\s+\/\/\#\#\#\=\=\=\=\#\#\#\s+\?>/is,
     
+
 );
 
 my @base64_decodes = (
diff --git a/mscan.php b/mscan.php
index fa0ec20..7b1f307 100644
--- a/mscan.php
+++ b/mscan.php
@@ -1,16 +1,23 @@
 <?php
-/*
-Forked from WP Protect plugin
-Added tons of new malware patterns
-Disabled cleanup functionality for the time being in order to identify false positives
-Done code cleanup
 
+/*
+Malware code Scanner - 
+This code will scan all php files on a given directory and all of its sub directories for
+instances of the eval(base64_decode php inserted code.
+ver: 2.0.1
+
+settings:
+	you should set the absolute path of the base directory that you want to scan.
+ 	also change the email address settings with you own email address so that you could be notified through email
+    you may run this code manually but setting up a cron job to have run this code periodically is suggested.
+
+originally by Norbert Christian L. Feria / http://www.ombing.com
+forked and improved by adding much more malware patterns by Malin Cenusa / https://blackhat.pm
 */
 
-
-
 class malScanner{
-	
+
+
 	var $mtstart;
 	var $mtend;
 	var $exectime;
@@ -23,67 +30,443 @@ class malScanner{
 	var $no_files_scanned;
 	var $no_files_cleaned;
 	var $patterns;
+
 	
-	var $webmaster_email = "office@palma.solutions";
-	var $website_name = "palma.solutions";
 
+	var $webmaster_email = "your@email.com";
+	var $website_name = "yourwebsite.com";
+
+	#patterns based on the code from
+	#http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html#id-download
 	var $malPatterns = array(
-
-	"^<\?php\s*\\\$md5\s*=\s*.*create_function\s*\(.*?\);\s*\\\$.*?\)\s*;\s*\?>\s*",
-	" echo \"<script type=\\\\\"text\/javascript\\\\\" src=\\\\\"http:\/\/.*\.js\\\\\"><\/script>\"; echo \"\";",
-	"<\?php\s*\@error_reporting\(0\);\s*if\s*\(\!isset\(([\$\w]+)\)\)\s*{[\$]+[^}]+}\s*\?>",
-	"<\?php\s*\/\*\w+_on\*\/.*\/\*\w+_off\*\/\s*\?>",
-	"<\?php\s*\/\*god_mode_on\*\/eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);\s*\/\*god_mode_off\*\/\s*\?>",
-	"<\?php\s*\?>",
-	"<IfModule\s*mod_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteCond\s*%\{HTTP_REFERER\}\s*\^\.\*\([^\)]{255,}[google|yahoo|bing|ask|wikipedia|youtube][^\)]{255,}[^<]*<\/IfModule>",
-	"ErrorDocument\s*(?:400|401|403|404|500)+\s*http:\/\/.*\.\w+",
-	"^<script>(.*)<\/script>",
-	"^<\?php\s*\\\$md5\s*=\s*[\"|']\w+[\"|'];\s*\\\$wp_salt\s*=\s*[\w\(\),\"\'\;\$]+\s*\\\$wp_add_filter\s*=\s*create_function\(.*\);\s*\\\$wp_add_filter\(.*\);\s*\?>\s*",
-	"\s*eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);",
-	"if\(!function_exists\([^{]+\s*{\s*function[^}]+\s*}\s*[^\"']+\s*[\"'][^\"']+[\"'];\s*eval\s*\(.*\)\s*;\s*}\s*",
-	"d.=sprintf\(\(substr\(urlencode\(print_r\(array\(",
-	"^(.*)<\?php(.*)eval(\s*)\((\s*)base64_decode(\s*)\((\s*)(.*)(\?><\?php)*\n",
-	"eval(\s*)\((.*)base64_decode(\s*)\(",
-    "\$_COOKIE\[[\'\|\"\]access\-admin\[\'\|\"\]\]",
-    "this.form.upload_file.disabled=false",
-    "function(\s*)jspw3\(d\,m\,f\)",
-    "a(\s*)simple(\s*)Web-based(\s*)file(\s*)manager",
-    "php\_uname(\s*)\(preg_replace(\s*)\(",
-    "function(\s*)rewrioutclbkxxx1\(",
-    "eval\(\(base64_decode\(",
-    "preg_replace\(strrev\(",
-    "s=base64_decode\(str_replace\(chr\(32\)",
-    "_GET\[base64_decode\(",
-    "@error_reporting\(0\)",
-    "eval\(base64_decode\(<(.*)POST(.*)>php",
-    "==========================+(\s*)Credit.Mutuel.ReZult(\s*)+==================",
-    "X-Mailer:(\s*)The(\s*)Bat\!(\s*)\(v",
-    "WordPress(\s*)Inserter(\s*)Links",
-    "The(\s*)Sword(\s*)Config(\s*)Fuck(\s*)Script",
-    "@kr(\s*)=(\s*)<d0mains>;",
-    "copyto(\s*)=(\s*)explode\(",
-    "eval\(gzinflate\(base64_decode\(",
-    "eval\(gzinflate\(str_rot13\(base64_decode\(",
-    "Bank(\s*)of(\s*)America(\s*)\|(\s*)Home(\s*)\|(\s*)Personal",
-    "Bank(\s*)of(\s*)America(\s*)\|(\s*)Online(\s*)Banking(\s*)\|(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking",
-    "Bank(\s*)of(\s*)America(\s*)\|(\s*)Thank(\s*)you",
-    "Wells(\s*)Fargo(\s*)Home(\s*)Page",
-    "Chase(\s*)Online(\s*)-(\s*)Logon",
-    "Send(\s*)Money,(\s*)Pay(\s*)Online(\s*)or(\s*)Set(\s*)Up(\s*)a(\s*)Merchant(\s*)Account(\s*)with(\s*)PayPal",
-    "Login(\s*)-(\s*)PayPal",
-    "Sign(\s*)Up(\s*)for(\s*)PayPal(\s*)-(\s*)It\'s(\s*)Free(\s*)and(\s*)Easy(\s*)to(\s*)Get(\s*)Started",
-    "My(\s*)Account(\s*)-(\s*)Telstra",
-    "RBC(\s*)Royal(\s*)Bank(\s*)-(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking",
-    "RBC(\s*)Financial(\s*)Group(\s*)-(\s*)Online(\s*)Banking",
-    "Online(\s*)Banking(\s*)Security(\s*)and(\s*)Privacy(\s*)Guide(\s*)-(\s*)RBC(\s*)Royal(\s*)Bank",
-    
-      
+"^<\?php\s*\\\$md5\s*=\s*.*create_function\s*\(.*?\);\s*\\\$.*?\)\s*;\s*\?>\s*",
+" echo \"<script type=\\\\\"text\/javascript\\\\\" src=\\\\\"http:\/\/.*\.js\\\\\"><\/script>\"; echo \"\";",
+"<\?php\s*\@error_reporting\(0\);\s*if\s*\(\!isset\(([\$\w]+)\)\)\s*{[\$]+[^}]+}\s*\?>",
+"<\?php\s*\/\*\w+_on\*\/.*\/\*\w+_off\*\/\s*\?>",
+"<\?php\s*\/\*god_mode_on\*\/eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);\s*\/\*god_mode_off\*\/\s*\?>",
+"<\?php\s*\?>",
+"<IfModule\s*mod_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteCond\s*%\{HTTP_REFERER\}\s*\^\.\*\([^\)]{255,}[google|yahoo|bing|ask|wikipedia|youtube][^\)]{255,}[^<]*<\/IfModule>",
+"ErrorDocument\s*(?:400|401|403|404|500)+\s*http:\/\/.*\.\w+",
+"^<script>(.*)<\/script>",
+"^<\?php\s*\\\$md5\s*=\s*[\"|']\w+[\"|'];\s*\\\$wp_salt\s*=\s*[\w\(\),\"\'\;\$]+\s*\\\$wp_add_filter\s*=\s*create_function\(.*\);\s*\\\$wp_add_filter\(.*\);\s*\?>\s*",
+"\s*eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);",
+"if\(!function_exists\([^{]+\s*{\s*function[^}]+\s*}\s*[^\"']+\s*[\"'][^\"']+[\"'];\s*eval\s*\(.*\)\s*;\s*}\s*",
+"eval\(base64_decode\(\'aWYgKGlzc2V0KCRfUE9TVFsienoxIl0pKSB7ZXZhbChzdHJpcHNsYXNoZXMoJF9QT1NUWyJ6ejEiXSkpO30=\'\)\)",
+"<\?php\s*\W.*([a-zA-Z0-9]{5}).*=\s*array\((.*)function_exists\(\"(.*)\);\}\?>",
+"<\?php\s*\W.*([a-zA-Z0-9]{10}).*\s*=\s*\'(.*)\/epreg_replace(.*)explode\(chr\(\((.*)-1; ?>",
+"<script\s*type=\"text\/javascript\"\s*src=\"http:\/\/ftp\.sanatoriomayosa\.com\.ar\/zdKrgP8p\.php\Wid=(.*)\"><\/script>",
+"<\?php\s*\W(.*)=\s*array\(\'(.*)=\s*array\(\'(.*)=\s*array\(\'(.*)==\";if\s*\(\Wfunction_exists\(\"(.*)\);\}\?>",
+"<\!--.*([a-zA-Z0-9]{6}).*--><script\s*type=\"text\/javascript\"\s*src=\"http\:\/\/centexcomputer.com\/(.*)\"><\/script><\!--\/.*([a-zA-Z0-9]{6}).*-->",
+"eval\(base64_decode\(\W_POST\[\'.*([a-zA-Z0-9]{7}).*\'\]\)\);",
+"<iframe\s*width=\"10\"\s*height=\"10\"\s*src=\"http:\/\/(.*)\"\s*frameborder=\"0\"><\/iframe>",
+"<script\s*type=\"text\/javascript\">\s*\(function\(\)\{var\s*agent\s*\=\s*navigator\.userAgent;(.*)\{location\.href\s*\=\s*\'http\:\/\/bit\.ly\/1aMmdYs\';\}\}\)\(\)\s*<\/script>",
+"<script\s*type=\"text\/javascript\">if\(document.loaded\)\s*\{\s*showBrowVer\(\);(.*)js_kod2\);\s*\}\s*\}\s*\}<\/script>",
+"<\?php\s*\/\/\s*The\s*JS\s*here(.*)Eabi.p\!\'\s*\)\s*\);",
+"<embed\s*src\=\"http:\/\/(.*)\"\s*type=\"application\/x-shockwave-flash\"\s*wmode=\"transparent\"\s*width=\"1\"\s*height=\"1\"><\/embed>",
+"ErrorDocument(.*)http\:\/\/congatarcxisi.ru\/mays\/index.php",
+"<iframe\s*width=\"10\"\s*height=\"10\"\s*src=(.*)frameborder=\"0\"><\/iframe>",
+"<iframe(.*)nioxox(.*)iframe>",
+"<\?php\s*if\s*\(\Wisset(.*)aHR0cDovL21icm93c2Vyc3RhdHMuY29tL3N0YXRIL3N0YXQucGhw(.*)stCurlHandle\);\s*\}\s*\}\s*\?>",
+"<iframe\s*src=\"(.*)\"\s*height=\"0\"\s*width=\"0\"\s*style=\'visibility:\s*hidden\'><\/iframe>",
+"<?php(.*)4125a73128a5bc472091d99126855415(.*)exit\(\)\;\s*\}\?>",
+"<\?php\s*\W.*([a-zA-Z0-9]{5}).*=\s*\"(.*)exit\(\);\s*\}\s*\?>",
+"<script\s+?src=http:\/\/photopost\.co\.kr\/iphotodown\/ebindexp\.php\s+?>",
+"<\?php\s*\W.*([a-zA-Z0-9]{4}).*=\s*\"(.*)echo\s*\W.*([a-zA-Z0-9]{6}).*;\s*exit\(\);\s*\}\s*\?>",
+"<\?php\s*\W.*([a-zA-Z0-9]{10}).*=\s*\'(.*)=\W.*([a-zA-Z0-9]{10}).*-1;\s*\?>",
+"<iframe\s*src=\"http\:\/\/(.*)\/counter.php\"\s*style=\"visibility:\s*hidden;\s*position:\s*absolute;\s*left:\s*0px;\s*top:\s*0px\"\s*width=\"10\"\s*height=\"10\"\/>",
+"<\!DOCTYPE(.*)BreezeBrowser(.*)printFullsizeContent\(\)(.*)<\/html>",
+"<script\s*language=\"javascript\">\s*var\s*\_0x2b7d(.*)0x2b7d\[8\]\]\(hs\);\s*<\/script>",
+"<iframe\s*src=\"http\:\/\/(.*)ini\.php\"\s*width=\"1\"\s*height=\"1\"\s*frameborder=\"0\"><\/iframe>",
+"<\?PHP\s*\/\*\s*GNU(.*)gnu=false;\s*\}\s*\?>",
+"\#c3284d\#(.*)\#\/c3284d\#",
+"<\?php\s*if\s*\(isset\(\W_POST\[\"code\"\]\)\)\s*eval\(base64_decode\(\W_POST\[\"code\"\]\)\);\s*\?>",
+"<\?\Wtds\=\"http\:\/\/(.*)\}\?>",
+"<IfModule\s*mod_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteCond\s*\%\{HTTP_REFERER\}\s*\^\.\*\(google\|ask\|(.*)RewriteRule\s*\^\(\.\*\)\W\s*http\:\/\/datinginstallshield.ru\/pavilion\?8\s*\[R\=301,L\]",
+"<\?\Wtds\=\"http\:\/\/(.*)echo\s*\Wx;\}\?>",
+"<\?PHP\s*defined\(\'_OLD_JEXEC_\'\)\s*or\s*die\(@eval\(base64_decode\(\W_REQUEST\[\'(.*)\'\]\)\)\);\s*\?>",
+"<\?php\s*\W.*([a-zA-Z0-9]{5}).*\s*=\s*\"(.*)exit\(\);\s*\}\s*\?>",
+"^<\?php\s*\Whaikzdiigp(.*)quegvtluws\-1;\s*\?>",
+"\/\*.*([a-zA-Z0-9]{6}).*\*\/(.*)\/\*\/.*([a-zA-Z0-9]{6}).*\*\/",
+"\/\*63aef4\*\/(.*)\/\*\/63aef4\*\/",
+"<\?PHP\s*\/\/Authentication(.*)eval\(gzinflate\(base64_decode\((.*)8A\'\)\)\);\s*\?>",
+"<\?\s*error_reporting\(0\);\W\w=\(isset\(\W_SERVER\[\"HTTP_HOST\"\]\)(.*)curl_exec\(\W\w\w\);curl_close\(\W\w\w\);eval\(\W\w\);\};die\(\);\s*\?>",
+"RewriteCond\s*\%\{HTTP_USER_AGENT\}\s*android\s*\[NC\,OR\](.*)\.php\s*\[L\,R\=302\]",
+"<\?php(.*)if\(isset\(\W_REQUEST\[\'(.*)eval\((.*)exit\(\);\s*\}\s*if\(isset\(\W_REQUEST\[\'(.*)fopen\((.*)fwrite\((.*)fclose\((.*)exit\(\);\s*\}\s*\?>",
+"<\!\-\-1c1c7d\-\->(.*)<\!\-\-\/1c1c7d\-\->",
+"<script>\s*var\s*x\s*=\s*\'h\'\s*\+\s*\'t\'\s*\+\s*\'t\'\s*\+\s*\'p\'(.*)\'m\'\s*\+\s*\'e\'\s*\+\s*\'>\'\);\s*<\/script>",
+"\#\#\#\#\#\#\#\#GET\#\#\#\#\#\#\#(.*)\.ru\s*\[L\,R\=302\]",
+"<iframe\s*name\=Twitter(.*)<\/iframe>",
+"ErrorDocument(.*)http\:\/\/msn.com",
+"<IfModule\s*mod_rewrite\.c>(.*)msn\.com\s*\[R\=301\,L\]\s*<\/IfModule>",
+"try\{if\(window\.document\)\-\-document\.getElementById\(\'12\'\)(.*)\/\*\/d04bb5\*\/",
+"<u\s*style\=\"left\:\s*\-(.*)<\/u>",
+"########GET#######(.*)gerania\.ru\s*\[L\,R\=302\]",
+"<\?php\s*#(.*)#\s*\?>",
+"<\?\Wtds\=\"http\:\/\/(.*)\{echo\s*\Wx;\}\?>",
+"<\?php\s*\#c4e573\#(.*)\#\/c4e573\#\s*\?>",
+"<\?php\s*define\(\'CONFIG_FILE\'\,\s*\'\/images\/config\.db\'\);(.*)process\(\);\s*\?>",
+"<\!\-\-05f6a(.*)<\/script><\!\-\-05f6a42413abf89b36479144725bcc597bkmr0naf2i4od6f\-\->",
+"\#767b55\#(.*)\#\/767b55\#",
+"\#f879e8\#(.*)\#\/f879e8\#",
+"<\?php\s*\W\_\s*\=\s*strrev\(\"tress\Wx61\"\);(.*)073\"\);\s*\?>",
+"ument;for\(i\=0(.*)apply\(ss\,a\)\);<\/script>",
+"\,167\,155\,170(.*)apply\(ss\,a\)\);<\/script>",
+"147\,163\,163(.*)\/\*\/f82c4e\*\/",
+"\/\*f82c4e\*\/(.*)\/\*\/f82c4e\*\/",
+"\}147\,163\,163(.*)\/\*\/f82c4e\*\/",
+"<\!\-\-d68107\-\->(.*)<\!\-\-\/d68107\-\->",
+",151,170(.*)eval\(ss\[\"fromCharCode\"\].apply\(ss,a\)\);<\/script>",
+"<img\s*id=\"hidadvnet\"(.*)centralrxmall\.com\/\';\">",
+"<\?\s*\#17da00\#(.*)\#\/17da00\#\s*\?>",
+"<iframe\s*src\=\"http\:\/\/(.*)\"\s*height\=1\s*width\=1\s*frameborder\=0><\/iframe>",
+"<\?php\s*if\(\W_GET\[\'(.*)\'\]==\"(.*)\"\)\{\s*eval\(base64_decode\(\W_POST\[\'(.*)\'\]\)\);\s*exit;\s*\}\s*\?>",
+"<\?php\s*if\(md5\(\W_COOKIE\[\'_wp_debugger\'\]\)==\"69d8bf808cff565a2e89942f5bc3a94e\"\)\{\s*eval\(base64_decode\(\W_POST\[\'file\'\]\)\);\s*exit;\s*\}\s*\?>",
+"<script\s*language\=\"JavaScript\"\s*src\=\"http\:\/\/stummann\.net\/steffen\/google\-analytics\/jquery\-1\.6\.5\.min\.js\"\s*type\=\"text\/javascript\"><\/script>",
+"<\!\-\-339810\-\->(.*)<\!\-\-\/339810\-\->",
+"<\?php\s*session_start\(\);(.*)cwd\s*\=\s*getcwd\(\)\.DIRECTORY_SEPARATOR;(.*)function\s*mailf\((.*)80<\/address>\Wn<\/body>\Wn<\/html>\";\}\s*\?>",
+"<html><head>\s*<title>404\s*Not\s*Found<\/title>(.*)UDP\s*flood\s*completed\s*with(.*)die\(\"\Wnbsp;\"\);\s*}\s*\?>",
+"<\!\-\-2d3965\-\->(.*)<\!\-\-\/2d3965\-\->",
+"<\?php\s*eval\(\"\?>\"\.base64_decode\(\"IDxkaXY(.*)9kaXY\+\"\)\)\;\s*\?>",
+"<script>function\s*c3257948b3q49f99fc8e80fa\(q49f99fc8e88c3\)(.*)\(q49f99fc8ea033\(q49f99fc8ed6df\)\);<\/script>",
+"\#\!\/usr\/bin\/perl\s*\W\?\?s\:\;s\:s\;\;\W\?\:\:s\;\(\.\*\)(.*)\_rs\}\&a\-\h\;\;s\;\(\.\*\)\;\W\_\;see\;",
+"<\!\-\-32f02e\-\->(.*)<\!\-\-\/32f02e\-\->",
+"<\?php\s*\/\*(.*)\*\/\s*function\s*xmail\s*\(\)(.*)return\s*\Wo\;\}\?>",
+"Options\s*\-MultiViews\s*ErrorDocument\s*404\s*\/\/(.*)\.php",
+"<script\s*type\=\"text\/javascript\"\s*language\=\"javascript\">\s*tqrjmw\=document\;cxlr\=(.*)<\/script>",
+"\/\*2d3965\*\/(.*)\/\*\/2d3965\*\/",
+"<IfModule\s*mod\_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteCond\s*\%\{HTTP\_REFERER\}\s*\^.\*\(google\|ask\|yahoo\|yandex\|ya\|baidu\|(.*)\!\/phpinfo\.php\s*RewriteRule\s*\(\.\*\)\s*\/phpinfo\.php\?query\=\W1\s*\[QSA\,L\]\s*<\/IfModule>",
+"<\?php\s*\/\*(.*)\*\/\s*eval\(gzinflate\(base64\_decode\(\'(.*)\'\)\)\)\;\?>",
+"<\!\-\-2d3965\-\->(.*)<\!\-\-\/2d3965\-\->",
+"\#a9a007\#(.*)\#\/a9a007\#",
+"<\?php\s*\/\*b97227(.*)8d1zyyx\*\/\s*\?>",
+"<\!\-\-b97227(.*)8d1zyyx\-\->",
+"<\!\-\-a9a007\-\->(.*)<\!\-\-\/a9a007\-\->",
+"\/\*74ed9f\*\/(.*)\/\*\/74ed9f\*\/",
+"\/\*a9a007\*\/(.*)\/\*\/a9a007\*\/",
+"<\!\-\-0f868c\-\->(.*)<\!\-\-\/0f868c\-\->",
+"<\?php\s*\WSERVER_UNIQUE_LOAD_BALANCE\s*\=\s*strrev\((.*)SERVER_UNIQUE_LOAD_BALANCE\(current\(\W_REQUEST\)\)\)\;",
+"<script>z=\"y\";vz=\"d\"\+\"oc\"\+\"ument\"(.*)zaz=za;e\(zaz\);\}<\/script>",
+"<\!\-\-\s*\~\s*\-\->(.*)<\!\-\-\s*\~\s*\-\->",
+"\#17da00\#(.*)\#\/17da00\#",
+"\/\*17da00\*\/(.*)\/\*\/17da00\*\/",
+"<\!\-\-d04bb5\-\->(.*)<\!\-\-\/d04bb5\-\->",
+"\#0f2490\#(.*)\#\/0f2490\#",
+"\/\*0f2490\*\/(.*)\/\*\/0f2490\*\/",
+"\#d04bb5\#(.*)\#\/d04bb5\#",
+"\/\*d04bb5\*\/(.*)\/\*\/d04bb5\*\/",
+"<\!\-\-950459\-\->(.*)<\!\-\-\/950459\-\->",
+"<\?php(.*)\=\@create\_function\((.*)\,\'ev\'\.\'al\'\.(.*)\?>\"\.gz\'\.\'inf\'\.\'late\'\.\'\(\s*bas\'\.\'e64\'\.\'\_de\'\.\'co\'\.\'de\((.*)\)\;\?>",
+"\#9269ad\#(.*)\#\/9269ad\#",
+"bv\=\(5\-3\-(.*)za\(s\)\}<\/script>",
+"<\!\-\-0f2490\-\->(.*)<\!\-\-\/0f2490\-\->",
+"<\?(.*)vBulletin\s*3\.1\.9(.*)preg\_replace\(\"\/\.\*\/e\"\,\"(.*)\"\,\"\.\"\)\;",
+"\#\s*Netscape\s*HTTP\s*Cookie\s*File(.*)<\?eval\(stripslashes\(array\_pop\(\W\_POST\)\)\)\?>\s*1",
+/* "<\?php(.*)preg\_replace\(\"\/\.\*\/\e\"\,\"(.*)\"\,\"\.\"\)\;\?>", */
+"GIF89a1\s*GIF89GHZ\s*<\?php\s*eval\s*\(gzinflate\(base64\_decode\(str\_rot13\(\"(.*)\"\)\)\)\)\;\s*\?>",
+"GIF89a1\s*<\?php\s*eval\(\"\?\>\"\.base64\_decode\(\"(.*)\"\)\)\;\s*\?>",
+"GIF89a1\s*<\?php\s*eval\(base64\_decode\(\'(.*)\'\)\)\;echo\(\'(.*)\'\)\;\?>",
+"<\?error\_reporting\(0\)\;\Whost\=urldecode\(\W\_GET\[\'ho\'\]\)(.*)fclose\(\Whttp\)\;die\(\)\;\}\?>",
+"<\?error\_reporting\(0\)\;\Whost\=urldecode\(\W\_COOKIE\[\'ho\'\]\)(.*)socket\_close\(\Wsocket\)\;\}die\(\)\;\}\s*\?>",
+"GIF89a1\s*<\?php\s*eval\(stripslashes\(\@\W\_POST\[\(chr\(112\)\.chr\(49\)\)\]\)\)\;\?>",
+"<\?php\s*\WGLOBALS\[\'(.*)\'\]\=Array\(base64\_decode\((.*)\)\)\;\}\s*\?>",
+"<\!\-\-\#1h8s0a1m\-\->(.*)<\!\-\-\#1h8s0a1m\-\->",
+"<\!\-\-0c0896\-\->(.*)<\!\-\-\/0c0896\-\->",
+"\#0c0896\#(.*)\#\/0c0896\#",
+"\/\*0c0896\*\/(.*)\/\*\/0c0896\*\/",
+"<\?php\s*\Wauth\_pass(.*)\"\,\"\.\"\)\;\s*\?>",
+"<\?php\s*\Wauth\_pass(.*)exit\;",
+"<\?php(.*)me\s*\=\s*basename\(\_\_FILE\_\_\)\;(.*)function\s*reload\(\)\{header\(\"Location\:\s*\"\.basename\(\_\_FILE\_\_\)\)\;\}(.*)\"\,\'\.\'\)\;\?>",
+"<\?php(.*)strrev\(\"edoced\_46esab\"\)\;(.*)\'\)\)\)\)\;\s*\?>",
+"<\?php\s*\Ws\_key\=\'bas\'\.\'e6\'\.\'4\_d\'\.\'ec\'\.\'ode\'\;eval\(\Ws\_key\(\"(.*)\=\"\)\)\;\s*\?>",
+"<\!\-\-Support\s*links\s*begin\-\->(.*)<\!\-\-Support\s*links\s*end\-\->",
+"<\!\-\-f82c4e\-\->(.*)<\!\-\-\/f82c4e\-\->",
+"<\?php\s*\Wzend_framework\=\"(.*)x2f\"\)\;\s*\?>",
+"\Wcookey\s*\=\s*(.*)preg_replace(.*)x3b\"\)\;",
+"<\?php\s*\/\*\s*\<\<Mr\.DevilHacker\>\>\s* dvhma\@yahoo.com\*\/\s*eval\(\"\?\>\"\.gzuncompress\(base64\_decode\((.*)mail\s*\(\Wto\,\Wsubject\,\Wmessage\)\s*;\s*",
+"<form\s*action\=\"\"\s*method\=\"POST\"\>(.*)ProGraMmeD(.*)SrawLkom\s*\:\s*\)\s*\.\s*\<\/p\>\s*\<p\>\Wnbsp\;\s*\<\/p\>",
+"^if\(isset(.*)auth_pass\=(.*)FilesMan(.*);preg_replace\((.*);exit;\s*\}$",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'rV(.*)qLw\=\=\'\)\)\)\;\?>\s*",
+"<\?php\s*if\s*\(\Wisset\(\WsRetry\)\)(.*)stCurlLink\s*\=\s*base64\_decode\(\s*(.*)curl_close\(\WstCurlHandle\);\s*\}\s*\}\s*\?>",
+"<\!\-\-d0e3a6\-\->(.*)<\!\-\-\/d0e3a6\-\->",
+"<\?php\s*\Wzend_framework\=(.*)x2f\"\)\;\s*\?>",
+"eval\(gzinflate\(base64_decode\('rVdtU9tIEv7sVO1(.*)wv'\)\)\);",
+"#0242d5#(.*)#\/0242d5#",
+"<iframe\s*src\=http\:\/\/sexshopsexy\.es\/waser\.html\s*WIDTH\=1\s*HEIGHT\=1\s*frameborder\=0><\/IFRAME>",
+"if\(isset(.*)\=sprintf\(\(substr\(urlencode\(print\_r\(array(.*)eval\(\Wd\)\;\s*\}",
+"ErrorDocument\s*500\s*http\:\/\/cylinderssoundsyou\.portuguesemx\.info\/benrataz\.cgi\W\d",
+"document\.write\(\'<iframe\s*src\=\"http\:\/\/cylinderssoundsyou.portuguesemx.info\/benrataz\.cgi\W\d\"\s*scrolling\=\"auto\"\s*frameborder\=\"no\"\s*align\=\"center\"\s*height\=\"12\"\s*width\=\"12\"><\/iframe>\'\)\;",
+"<script\s*language\=\"JavaScript\"\s*src\=\"http\:\/\/abtt\.tv(.*)jquery\-1\.6\.5\.min\.js\"\s*type\=\"text\/javascript\"><\/script>",
+"#0c0896#(.*)#\/0c0896#",
+"<\!\-\-0c0896\-\->(.*)<\!\-\-\/0c0896\-\->",
+"\/\*0c0896\*\/(.*)\/\*\/0c0896\*\/",
+"<\?php(.*)auth\_pass\=(.*)FilesMan(.*)preg\_replace(.*)exit\;\s*\}\s*\?>",
+"<\?php\s*if\(isset(.*)d\=substr(.*)foreach\(array(.*)sprintf\(\(substr\(urlencode\(print\_r\(array(.*)\?>",
+"<\?php\s*\/\*\s*copyright\s*\*\/(.*)\=base64_decode(.*)exit\;\}\s*\/\*\s*copyright\s*\*\/\s*\?>",
+"<\?php\s*\/\*(.*)\*\/eval\/\*(.*)\*\/base64_decode\/\*(.*)\*\/\s*\?>",
+"<\?php eval\(base64_decode\(\"DQoNCn(.*)o=\"\)\); \?>",
+"RewriteCond\s*\%\{HTTP\_REFERER\}\s*\^\.\*\(google(.*)index\_backup\.php\s*\Wquery\=\W1\s*\[QSA\,L\]",
+"RewriteCond\s*\%\{HTTP\_REFERER\}\s*\^\.\*\(google(.*)index\_backup\.php\s*\[R\=301\,L\]",
+"<\?php\s*eval\(base64\_decode\(\"DQoN(.*)0KDQo\=\"\)\)\;\s*\?>",
+"<iframe\s*src\=\"http\:\/\/(.*)\/\"\s*width\=\"4\"\s*height\=\"2\"><\/iframe>",
+"<\?\s*#0242d5#(.*)#\/0242d5#\s*\?>",
+"<\?php\s*\/\*\.\~\.\~\.\~\.\*\/(.*)\/\*\.\~\.\~\.\~\.\*\/\s*\?>",
+"<\?php\s*?\/\*\*\/\s*?eval\(base64_decode\(\"aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9z(?:.+?)ICB9ICB9\"\)\);\?>",
+"\s*?(?:\/\*\*\/\s*?)?eval\((?:gzinflate\()?base64_decode\(['\"]DQplcnJvcl9yZXBvcn(?:.+?)QoKTsNCn0NCn0NCn0NCn0=['\"]\)(?:\))?\);",
+"<?php\s+\/\*\*\/\s+eval\(base64_decode\(['\"]aWYoZnVuY3(?:.*?)CB9ICB9['\"]\)\);?>",
+"<\?\s*\#bf760a\#(.*)\#\/bf760a\#\s*\?>",
+"eval\(base64_decode\([\'\"]DQp(?:.*)?[\'\"]\)\);",
+"<\?php\s*\/\*\*\/\s*eval\(base64\_decode\(\"aWYoZnV(.*)CB9ICB9\"\)\)\;\?>",
+"<!-- 4ccd15b6d4 -->(.*)<!-- 4ccd15b6d4 -->",
+"\;var\s*\_1O0\=\'\=\=(.*)eval\(ll0\(lOl\(\_1O0\)\)\)",
+"\s*eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);",
+"<iframe\s*src\=\"http\:\/\/riversidetransit\.com\/counter\.php\"\s*style\=\"visibility\:\s*hidden\;\s*position\:\s*absolute\;\s*left\:\s*0px\;\s*top\:\s*0px\"\s*width\=\"10\"\s*height\=\"10\"\/>",
+"\#d93065\#(.*)\#\/d93065\#",
+"\/\*9c282e\*\/(.*)\/\*\/9c282e\*\/",
+"var\s*\_0x4470\=(.*)\(\_0x4470\[1\]\)\,0\,\{\}\)\)\;",
+"ErrorDocument\s*400\s*http\:\/\/(.*)\W\d",
+"<\?\s*error\_reporting\(0\)(.*)if\(\(include\(base64\_decode\(\"aHR0cDovL2Fkcy4\=\"\)(.*)\)\;\}\;\s*\?>",
+"ErrorDocument\s*404\s*\/\/(.*)\.php",
+"<\?\s*\#0242d5\#(.*)\#\/0242d5\#\s*\?>",
+"<title>\s*Alien\s*\-\s*UFO\s*\-\s*<\?php\s*echo\s*getenv\(\"HTTP_HOST\"\)\;\s*\?><\/title>(.*)print\s*\"<pre><center>UpLoad\s*Error\!<\/center><\/pre>\"\;(.*)\?><\/body><\/font><\/font><\/b><\/font>",
+"<IfModule\s*mod\_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteCond\s*\%\{HTTP\_REFERER\}\s*\^\.\*\(google\|ask\|yahoo\|yandex(.*)RewriteRule\s*\(\.\*\)\s*\/index\_backup.php\Wquery\=\W1\s*\[QSA\,L\]\s*<\/IfModule>",
+"<\?\s*\WGLOBALS\[\'(.*)\=Array\(base64\_decode\(.*",
+"<\?php\s*\@error\_reporting\(0\)\;\s*\@set\_time\_limit\(0\)\;\s*\Wstr\=\s*\"(.*)\"\;\s*eval\(GzInFlate\(Str\_Rot13\(Base64\_decode\(\Wstr\)\)\)\)\;\s*\?>",
+"<script\s*type\=\"text\/javascript\"\s*src\=\"http\:\/\/(.*)\.php\"><\/script>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'1V(.*)\'\)\)\)\;\s*\?>",
+"\#0242d5\#(.*)\#\/0242d5\#",
+"<\!\-\-0242d5\-\->(.*)<\!\-\-\/0242d5\-\->",
+"RewriteCond\s*\W\{HTTP\:X\-WAP\-PROFILE\}\s*\!\^\W\s*\[OR\](.*)RewriteCond\s*\W\{HTTP\_ACCEPT\}\s*text\/vnd\.wap\.wml\s*\[NC\]\s*RewriteRule\s*\^\(\.\*\)\s*http\:\/\/(.*)\[L\,R\=302\]",
+"<\?\s*\#0242d5\#(.*)\#\/0242d5\#\s*\?>",
+"<iframe\s*name\=Twitter\s*scrolling\=auto\s*frameborder\=no\s*align\=center\s*height\=2\s*width\=2\s*src\=http\:\/\/(.*)\.html(.*)><\/iframe>",
+"document\.write\(\'<iframe\s*name\=Twitter\s*scrolling\=auto\s*frameborder\=no\s*align\=center\s*height\=2\s*width\=2\s*src\=http\:\/\/(.*)\.html(.*)><\/iframe>\'\)\;",
+"<IfModule\s*mod\_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteBase\s*\/\s*RewriteCond\s*\W\{HTTP\_REFERER\}\s*\^http\:\/\/\[w\.\]\*\(\[\^\/\]\+\)\s*RewriteCond\s*\W\{HTTP\_HOST\}\/\W1\s*\!\^\[w\.\]\*\(\[\^\/\]\+\)\/\D\W\s*\[NC\]\s*RewriteRule\s*\^\.\*\W\s*http\:\/\/(.*)\.html(.*)\[L\,R\]\s*<\/IfModule>",
+"\#b5bee1\#(.*)\#\/b5bee1\#",
+"\/\*b5bee1\*\/(.*)\/\*\/b5bee1\*\/",
+"<\!\-\-b5bee1\-\->(.*)<\!\-\-\/b5bee1\-\->",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'fVdtc9pGEP7czPQ(.*)x5V8\=\'\)\)\)\;\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'hVfrc9pGEP(.*)wI\=\'\)\)\)\;\?>",
+"<script\s*language\=\"JavaScript\"\s*type\=\"text\/javascript\"><\!\-\-\s*var(.*)\;eval\(unescape\(\"(.*)\;document\.write\(u\)\;u\=\"\"\;\/\/\-\->\s*<\/script>",
+"<\?PHP\s*defined\(\'\_OLD\_JEXEC\_\'\)\s*or\s*die\(\@eval\(base64\_decode\(\W\_REQUEST\[\'(.*)\'\]\)\)\)\;\s*\?>",
+"<\?php\s*if\(isset\(\W\_REQUEST\[\"(.*)\"\]\)\)\s*\{\s*eval\(base64\_decode\(\W\_REQUEST\[\"(.*)\"\]\)\)\;\s*exit\;\s*\}\s*else\s*\{\s*die\(\"404\s*Not\s*Found\"\)\;\s*\}\?>",
+"function\_exists\(\'date\_default\_timezone\'\)\s*\?\s*date\_default\_timezone\_set\(\'America\/Los\_Angeles\'\)\s*\:\s*\@eval\(base64\_decode\(\W\_REQUEST\[\'(.*)\'\]\)\)\;",
+"<\?PHP\s*define\(\'REAL\_SERVER\_ROOT\'\,\s*\'SERVER\'\)\;\s*\/\/DIR(.*)define\(\'SYSTEM\_SKEL\_DIR\'\,\s*\'skel\'\)\s*\?\s*\@eval\(base64\_decode\(\W\_REQUEST\[\'(.*)\'\]\)\)\s*\:(.*)define\(\'WORKGROUPS\_META\_SETTINGS\_FILENAME\'\,\s*\'settings.xml\'\)\;\s*\?>",
+"<\?php\s*echo\s*\'<b>Sw\s*Bilgi<br><br>\'\.php\_uname\(\)\.\'<br><\/b>\'\;(.*)else\s*\{\s*echo\s*\'<b>Basarisiz<\/b><br><br>\'\;\s*\}\s*\}\s*\?>",
+"<\?php\s*preg\_replace\(\"\/\.\*\/e\"\,\"(.*)\"\,\"\"\)\;\s*\?>",
+"<\?php\s*\Wauth\_pass\s*\=\s*\"(.*)\"\s*\Wcolor\s*\=\s*\"(.*)preg\_replace\(\"\/\.\*\/e\"\,\"(.*)\"\,\"\.\"\)\;\?>",
+"\#GIF89\;<br><br>\s*<Hmei7>\s*<\?php\s*if\s*\(\s*isset\(\W\_GET\[\'versi\'\]\)\s*\)\'s*\{\s*vers\(\)\;(.*)fff\s*\=\s*fopen\(\'\.\/images\/\'\.\Wnama\,\s*\'w\'\)\;\s*fwrite\(\Wfff\,\s*\Wtmp\)\;\s*fclose\(\Wfff\)\;\s*\}\s*\?>",
+"<\?php\s*if\(\!empty\(\W\_FILES\[\'message\'\]\[\'name\'\]\)\s*AND\s*\(md5\(\W\_POST\[\'nick\'\]\)\s*\=\=(.*)<br\/>Nick\:\s*<br\/><input\s*name\=\"nick\"\s*value\=\"\"\/><br\/>\s*<input\s*type\=\"submit\"\s*value\=\"Sent\"\s*\/>\s*<\/form>\s*<\/body>\s*<\/html>\'\;",
+"<\!\-\-0c45ef\-\->(.*)<\!\-\-\/0c45ef\-\->",
+"<\?php\s*\Wis\_bot\s*\=\s*FALSE\s*;\s*\Wuser\_agent\_to\_filter\s*\=\s*array\(\s*\'\#fileuploads\#\'\)\s*\;(.*)<title>404\s*Not\s*Found<\/title>\s*<\/head><body>\s*<h1>Not\s*Found<\/h1>\s*<\/body><\/html>\s*\'\;\s*\?>",
+"<\?php\s*eval\(base64\_decode\(\'c2Vzc2lvbl9zdGFydCgpOw(.*)klzQ3JlYXRlIik7Cn0\=\'\)\)\;\s*\?>",
+"<\?php\s*\Wd\=substr\(8\,1\)\;foreach\(array\((.*)d\.\=sprintf\(\(substr\(urlencode\(print\_r\(array\(\)\,1\)\)\,5\,1\)\.c\)\,\Wc\)\;\}eval\(\Wd\)\;exit\;\s*\?>",
+"if\(\@\W\_POST\[\'(.*)\'\]\)\{eval\(base64\_decode\(\W\_POST\[\'(.*)\'\]\)\)\;\s*exit\(\)\;\}php\s*if\(\@\W\_POST\[\'(.*)\'\]\)\{eval\(base64\_decode\(\W\_POST\[\'(.*)\'\]\)\)\;\s*exit\(\)\;\}",
+"<\?php\s*\Whost\s*\=(.*)eval\(base64\_decode\(str\_rot13\(strrev\(base64\_decode\(str\_rot13\((.*)curl\_close\(\Wch\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DdK1EqzYAkDRf5noThFA410TAQd3l(.*)w\=\=\"\)\)\)\;\s*\?>",
+"<\?php\s*\/\/Counter\s*V\.1\.25\s*\/\/Generated\s*by\s*server\s*\/\/Do\s*not\s*delete\s*eval\(gzuncompress\(base64\_decode\(\'eF6FUlFLwzAY(.*)LPD5x\'\)\)\)\;\s*\?>",
+"<\?php\s*if\s*\(\!isset\(\WsRetry\)\)\s*\{\s*global\s*\WsRetry\;(.*)stCurlLink\s*\=\s*base64\_decode\(\s*\'aHR0cDovL2NvbnFzdGF0LmNvbS9zdGF0L3N0YXQucGhw\'\)\.\'\?(.*)curl\_close\(\WstCurlHandle\)\;\s*\}\s*\}\s*\?>",
+"<\!\-\-\s*linkslspw\s*\-\->(.*)<\!\-\-\s*linksbmtr\s*\-\->",
+"<\?php\s*\/\*\s*This\s*file\s*is\s*protected(.*)\*\/\WOOO000000\=urldecode\(\'\%66\%67(.*)GLOBALS\[\'OOO0000O0\'\]\(\'JE8wMDBPME8(.*)\=alVnRPIq",
+"<\?\s*if\(\@\W\_POST\[\'(.*)\'\]\)\{eval\(base64\_decode\(\W\_POST\[\'(.*)\'\]\)\)\;\s*exit\(\)\;\}\s*\?>",
+"<\?php\s*if\(isset\(\W\_GET\[\"(.*)\"\]\)\)\{\s*\Wauth\_pass\=\"\"\;\Wcolor\=\"\#df5\"\;\Wdefault\_action\=\"FilesMan\"(.*)7X1re9s2z(.*)x3B\"\,\"\.\"\)\;\s*exit\;\s*\}\s*\?>",
+"<\?php\s*if\(\!empty\(\W\_SERVER\[\'HTTP\_USER\_AGENT\'\]\)\)\s*\{\s*\Wv2045f746\s*\=\s*array\(\"Google\"\,\s*\"Slurp\"\,\s*\"MSNBot\"(.*)return\s*\Wve04aa510\s*\;\s*\}\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZQ1rtwKAADvkiqRCzMpSmFm5m2(.*)R8\=\"\)\)\)\;\s*\?>",
+"<IfModule\s*mod\_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteBase\s*\/\s*RewriteCond\s*\%\{HTTP\_REFERER\}\s*\^http\:\/\/\[w\.\]\*\(\[\^\/\]\+\)\s*RewriteCond\s*\%\{HTTP\_HOST\}\/\%1\s*\!\^\[w\.\]\*\(\[\^\/\]\+\)\/\W1\W\s*\[NC\]\s*RewriteRule\s*\^\.\*\W\s*http\:\/\/(.*)\[L\,R\]\s*<\/IfModule>",
+"<\?php\s*if\s*\(isset\(\W\_POST\[\'(.*)\'\]\)\)\s*\{\s*eval\(\W\_POST\[\'(.*)\'\]\)\;\s*\}\;\s*\?>",
+"<\?php\s*eval\(base64\_decode\(\'ZXJyb3JfcmVwb3(.*)VcbiIpOwp9Cn0KfQo\=\'\)\)\;\s*\?>",
+"<\?php\s*session\_start\(\)\;\s*set\_time\_limit\(0\)\;(.*)function\s*cmdexec\(\Wcmd\)\s*\{\s*if\(function\_exists\(\'exec\'\)\)\@exec\(\Wcmd\)\;(.*)print\(\"IsCreate\"\)\;\s*\}\s*\?>",
+"<\?php\s*print\(\"Direct\s*Access\s*Not\s*Allowed\"\)\;\s*if\(\s*\W\_GET\[\'token\'\]\s*\=\=\s*\"up\"\s*\)\s*\{(.*)echo\s*\'<b>K\.O<\/b><br><br>\'\;\s*\}\s*\}\s*\}\s*\?>",
+"<\?php\s*\@set\_time\_limit\(0\)\;\s*\@error\_reporting\(NULL\)\;(.*)<\/p><\/body\s*><\/html\s*>\'\;die\(\)\;exit\(\)\;\s*\}\s*\?>",
+"<\?php\s*defined\(\'\_JEXEC\'\)\s*or\s*die\(\'Restricted\s*access\'\)\;\s*class\s*modJGAHelper\s*\{(.*)\Wadm\s*\=\s*\"006\"\.\Wxls\;\s*return\s*\Wadm\;\s*\}\s*\}\s*\}",
+"<\?php\s*session\_start\(\)\;\s*\Wme\=\W\_SERVER\[\'PHP\_SELF\'\]\;(.*)\W\_SESSION\[\'LoGiN\'\]\=true\;(.*)value\=Upload\s*\/><\/form>\"\;\s*\?>",
+"<\?php\s*if\s*\(\W\_GET\[\'g0\'\]\=\=\'g3t\'\)\s*\{\s*\Wdocr\s*\=\s*\W\_SERVER\[\"DOCUMENT\_ROOT\"\]\;\s*echo\s*\<\<\<HTML(.*)passthru\(\W\_GET\[\'g3t\'\]\)\;\s*echo\'<\/pre>\'\;\s*exit\;\s*}\s*\?>",
+"echo\"\s*<div\s*id\=\'newsline\'>(.*)viagraonlineget(.*)if\(document\.getElementById\(\'newsline\'\)(.*)\.style\.height\s*\=\s*\'0px\'\;\}<\/script>\s*<\/body>\s*<\/html>\s*\"\;",
+"<iframe\s*src\=\"http\:\/\/(.*)\/counter\.php\"\s*style\=\"visibility\:\s*hidden\;\s*position\:\s*absolute\;\s*left\:\s*0px\;\s*top\:\s*0px\"\s*width\=\"10\"\s*height\=\"10\"\/>",
+"<\!\-\-c3284d\-\->(.*)<\!\-\-\/c3284d\-\->",
+"<iframe\s*name\=Twitter\s*scrolling\=auto\s*frameborder\=no\s*align\=center\s*height\=2\s*width\=2\s*src\=http\:\/\/(.*)><\/iframe>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"FZRFrsUIggTv0q(.*)33f\/4P\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"JZ3HkqzKlkT(.*)\+\+\+9\/\/w8\=\"\)\)\)\;\s*\?>",
+"<IfModule\s*mod\_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteBase\s*\/\s*RewriteCond\s*\%\{HTTP\_REFERER\}\s*\^http\:\/\/\[w\.\]\*\(\[\^\/\]\+\)\s*RewriteCond\s*\%\{HTTP\_HOST\}\/\%1\s*\!\^\[w\.\]\*\(\[\^\/\]\+\)\/\W\s*\[NC\]\s*RewriteRule\s*\^\.\*\W\s*http\:\/\/(.*)\[L\,R\]\s*<\/IfModule>",
+"<\?php\s*echo\s*\"<script\s*type\=\'text\/javascript\'>(.*)<\/script>\"\s*\?><\!\-\-\s*\~\s*\-\-><\!\-\-\s*\~\s*\-\->",
+"<\?php\s*\/\*\*\/eval\(base64\_decode\(\'aWYo(.*)JoJyk7fX19\'\)\)\;\s*\?>",
+"<\?php\s*\/\*\s*WARNING\:(.*)\Wo\=\"QAAAOzh3b3cNKC0tDSctJ09maQAAY(.*)FsKCRsbGxsbGxsbGwpOw\=\=\"\)\)\;return\;\?>",
+"<\?php\s*\Wauth\_pass\s*\=\s*\"(.*)\Wcolor\s*\=\s*=\"(.*)\Wdefault\_action\s*\=\s*\'(.*)\Wdefault\_use\_ajax\s*\=\s*true\;\s*\Wdefault\_charset\s*\=\s*\'Windows\-1251\'\;\s*preg\_replace\(\"\/\.\*\/e\"\,\"(.*)\"\,\"\.\"\)\;\?>",
+"<\?php\s*\/\*\s*Plugin\s*Name\:\s*GSM(.*)c99sh_surl(.*)c99shexit\(\)\;\s*\?>",
+"<\?php\s*\W(.*)array\(\"(.*)\"\)\;eval\(\"(.*)x3B\"\)\;\?>",
+"<\?php\s*\Wurls\s*\=\s*array\s*\(\s*\'http\:\/\/(.*)\'\,\s*\)\;\s*\Wn\s*\=\s*mt\_rand\(0\,count\(\Wurls\)\s*\-\s*1\)\;\s*\Wrand\_url\s*\=\s*\Wurls\[\Wn\]\;\s*\?>\s*<meta\s*http\-equiv\=\"refresh\"\s*content\=\"1\;\s*url\=<\?php\s*echo\s*\Wrand\_url\;\?>\s*\">",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DdS3roYKrgXgd5nqHFGQ4UdXU5(.*)Aw\=\=\"\)\)\)\;\s*\?>",
+"<\?php\s*\W(.*)\=\s*\"e\/\*\.\/\"\;\s*preg\_replace\(strrev\((.*)x3B\"\,\"\.\"\)\;\?>",
+"<\?php\s*\W(.*)\=\s*array\(\'(.*)\'\)\;\s*\W(.*)\=\s*strrev\(\'edoced\_46esab\'\)\;\s*\W(.*)\=\s*strrev\(\'(.*)\'\)\;\s*eval\(\W(.*)\(implode\(\'\'\,\W(.*)\)\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DVa1DutYFPyXr(.*)Aw\=\=\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZVHDqwIAkPv0qv(.*)8\=\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DdQ3DrTWAkDhvbi(.*)w8\=\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZa1zsUKrkbfZapzlCKwgxpNE(.*)8f\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"FZM1EqUKAgDv8qP5RYA(.*)M\/\"\)\)\)\;\s*\?>",
+"Restricted\s*accoss\s*<\?php\s*error\_reporting\(0\)\;\s*ini\_set\(\"max\_execution\_time\"\,0\)\;\s*ini\_set\(\"default\_socket\_timeout\"\,\s*2\)\;\s*ob\_implicit\_flush\s*\(1\)\;\s*\Wfile\s*\=\s*\"\"\.\W\_POST\[\"path\"\]\;\s*\Wfh\s*\=\s*fopen\s*\(\Wfile\,\s*\'w\'\)\s*or\s*die\(\"\"\)\;\s*echo\s*fwrite\s*\(\Wfh\,\s*stripslashes\(\W\_POST\[\"raw\_data\"\]\)\)\;\s*fclose\(\Wfh\)\;",
+"<\?php\s*if\s*\(isset\(\W\_REQUEST\[\'(.*)\'\]\)\)\s*\{\s*eval\(stripslashes\(\W\_REQUEST\[\'(.*)\'\]\)\)\;\s*\}\s*else\s*\{\s*echo\s*\"(.*)\"\;\s*\}\s*\?>",
+"<\?php\s*\/\*(.*)\*\/\s*eval\(gzinflate\(base64\_decode\(\'(.*)\'\)\)\)\;\?>",
+"<\?\s*error\_reporting\(0\)\;\Wa\=\(isset\(\W\_SERVER\[\"HTTP\_HOST\"\]\)(.*)if\(\(include\(base64\_decode\((.*)file\_get\_contents\(base64\_decode\(\"(.*)curl\_exec\(\Wcu\)\;curl\_close\(\Wcu\)\;eval\(\Wo\)\;\}\;die\(\)\;\s*\?>",
+"Options\s*\-MultiViews\s*ErrorDocument\s*404(.*)\.php",
+"<script>try\{document\.body\+\+}catch\((.*)\)\{try\{d\=document\[\"createElement\"\]\(\"span\"\)\;\}catch\((.*)\}try\{if\(ww\.document\)window\[\"doc\"\+\"ument\"\]\[\"body\"\]\=\"(.*)\=String\[\"fromCharCode\"\]\(parseInt\(n\[i\]\,12\*2\+2\)\)\;\}z\=s\;vl\=\"val\"\;if\(ww\.document\)eval\(z\)\}\}\}\}<\/script>",
+"\#e2aa4e\#(.*)\#\/e2aa4e\#",
+"<\!\-\-e2aa4e\-\->(.*)<\!\-\-\/e2aa4e\-\->",
+"\#\s*exgocgkctswo\s*RewriteEngine\s*On(.*)\[R\=301\,L\]\s*\#\s*exgocgkctswo",
+"<IfModule\s*prefork\.c>\s*RewriteEngine\s*On\s*RewriteCond\s*\%\{REQUEST\_METHOD\}\s*\^GET\W(.*)<\/IfModule>\s*\#def7ed10b57fad1c63ba7d021fc22c8227e3b1a6b1e9cb70e1a150c7",
+"eval\(base64\_decode\(\'ZXJyb3JfcmVwb3J0aW5n(.*)d8Jyk7IGZjbG9zZSgkZnApO30NCn0\=\'\)\)\;",
+"eval\s*\(base64\_decode\s*\(\"aWYgKGlzc2V0KCRfUkVR(.*)hR0t0ZVhybmp6ZWRIICov\"\)\)\;",
+"<\?php\s*\/\*\s*WSO\s*2\.1\s*\(Web\s*Shell\s*by\s*r0x\)\s*\*\/(.*)call\_user\_func\(\'action\'\s*\.\s*\W\_POST\[\'a\'\]\)\;\s*\?>",
+"<\?php\s*\Whead\s*\=\s*\'(.*)Configuration\s*File\s*Killer(.*)symlink\(\Wrs\,\Wr\)\;\s*\}\s*\}\s*\}\s*\?>",
+"<title>Wordpress\s*MassDeface(.*)function\s*file\_get\_contents2(.*)return\s*\Wresult\s*\;\s*\}\s*\?>",
+"<\?php\s*error\_reporting\(7\)\;\s*\@set\_magic\_quotes\_runtime\(0\)\;\s*ob\_start\(\)\;(.*)scookie\(\'loginpass\'\,encode\_pass\(\Wpassword\)\)\;(.*)function\s*pr\(\Ws\)\{\s*echo\s*\"<pre>\"\.print\_r\(\Ws\)\.\'<\/pre>\'\;\s*\}\s*\?>",
+"<\?php\s*set\_magic\_quotes\_runtime\(0\)\;\s*if\(strtolower\(substr\(PHP\_OS\,0\,3\)\)\s*\=\=\s*\"win\"\)\s*\{(.*)Command\s*completed<\/b><\/center>\"\;\s*\}\s*exit\;\s*\?>",
+"<IfModule\s*mod\_rewrite\.c>(.*)\^http\:\/\/\[w\.\]\*\(\[\^\/\]\+\)(.*)\[L\,R\]\s*<\/IfModule>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DdU3EqxWAgDAuyj6(.*)\/\/AQ\=\=\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZQ1DuwGAETvkup\/(.*)\/\/\/77Pw\=\=\"\)\)\)\;\s*\?>",
+"<\?php\s*\Whost\s*\=\s*\'(.*)eval\(base64\_decode\(str\_rot13\(strrev\(base64\_decode\(str\_rot13\(\W\_POST\[\'(.*)\'\]\)\)\)\)\)\)\;(.*)curl\_close\(\Wch\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZY1ssWIFQX34mimFIipHIm(.*)\+\+\/\/\/73\/w\=\=\"\)\)\)\;\s*\?>",
+"<\?(.*)Guardi4n(.*)eval\(gzinflate\(base64\_decode\(\'7P15f9s4kjgO\/(.*)AQ\=\=\'\)\)\)\;\s*\?>",
+"<\?php\s*if\(isset\(\W\_GET\[\"(.*)\"\]\)\)\{\s*\Wauth\_pass\=\"\"\;\Wcolor\=\"\#df5\"\;\Wdefault\_action\=\"FilesMan\"(.*)x3B\"\,\"\.\"\)\;\s*exit\;\s*\}\s*\?>",
+"<\?php(.*)\=\s*\"(.*)\"\;\s*if\(isset\(\W\_REQUEST\[\'(.*)\'\]\)\)\s*\{(.*)\=\s*\W\_REQUEST\[\'(.*)\'\]\;\s*eval\((.*)\)\;\s*exit\(\)\;\s*\}\s*if\(isset\(\W\_REQUEST\[\'(.*)\'\]\)\)\s*\{(.*)\=\s*\W\_REQUEST\[\'(.*)\=\s*fopen\((.*)\,\s*\'w\'\)\;(.*)\=\s*fwrite\((.*)\)\;\s*fclose\((.*)\;\s*echo(.*)\;\s*exit\(\)\;\s*\}\s*\?>",
+"<\?php\s*if\(\!empty\(\W\_SERVER\[\'HTTP\_USER\_AGENT\'\]\)\)\s*\{(.*)if\(\!\@move\_uploaded\_file\(\@\W\_FILES\[(.*)if\s*\(\!function\_exists\(\"posix\_getpwuid\"\)(.*)\)\;\s*return(.*)\;\s*\}\s*\?>",
+"ww\=\(1\)\?this\:12\;v\=\"v\"\.concat\(\"al\"\)(.*)\/\*\/afde63\*\/",
+"\(function\s*\(\)\s*\{\s*var\s*ccs\s*\=\s*document\.createElement\(\'iframe\'\)\;(.*)\/\*\/04b037\*\/",
+"\/\*e2aa4e\*\/(.*)\/\*\/e2aa4e\*\/",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZVHzoRaooP30qN(.*)\/\/\/7f\/wM\=\"\)\)\)\;\s*\?>",
+"\#c3284d\#(.*)\#\/c3284d\#",
+"<\?php\s*error\_reporting\(0\)\;\s*if\(isset\(\W\_POST\[\"(.*)\"\]\)\s*and\s*isset\(\W\_POST\[\"(.*)\"\.\s*base64\_encode\(\W\_POST\[\"(.*)\"\.\s*base64\_encode\(md5\(\W\_POST\[\"(.*)\@include\_once\(base64\_decode\(\"(.*)ip2long\(getenv\(REMOTE\_ADDR\)\)\)(.*)\"\.\s*base64\_encode\(\W\_SERVER\[\"SERVER\_NAME\"\](.*)uname\s*\-a\`\;\}\s*\}\s*\?>",
+"document\.write\(\'\'\)\;",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"FZZFrsUIskT30qMqeWAm\/(.*)\/\/\/7f\/wM\=\"\)\)\)\;\s*\?>",
+"<IfModule\s*mod\_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteRule\s*obr\-\(\.\*\)\W(.*)\/435\.php\s*\[L\]\s*<\/IfModule>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"FZzHsqRaskT\/pUf3GgO0(.*)\+ffff\/\/7\/w\=\=\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZRHDqRYAgXv0qtqsYDEfEC(.*)\/\/\/33P\/8H\"\)\)\)\;\s*\?>",
+"\#c3284d\#(.*)\#\/c3284d\#",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DdRFrsTaAQTQvWT0(.*)z777\/\/\/T8\=\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZS3rqRYAET\/(.*)\/\/\/vM\/\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZQ3soRYAgTvs(.*)\/\/97\/8B\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"FZVHroTalkTn8lvviQaQcICjr2rgEpOYxJtOCU\/(.*)z777\/\/\/T8\=\"\)\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'xZhNa9tAEIbvhfyHxR(.*)\+gWf\/vUG\'\)\)\)\;\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'1RprcxM58jtV\/(.*)\/GP8B\'\)\)\)\;\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"DZQ1Du0GAgDvkiqRCzMpSmFmZjcrM9Mz\+\/(.*)\+\+eff\/wM\=\"\)\)\)\;\s*\?>",
+"<script>try\{document\.body\+\+}catch\((.*)try\{if\(ww\.document\)window\[\"doc\"\+\"ument\"\]\[\"body\"\]\=(.*)if\(ww\.document\)eval\(z\)\}\}\}\}<\/script>",
+"<font\s*id\=\"(.*)\"\s*color\=\"white\"\s*style\=\"height\:\s*0\;overflow\:\s*hidden\;width\:\s*0\;\s*position\:\s*absolute\;\s*font\-family\:courier\;\s*font\-size\:15px\"\s*>(.*)<\/font>",
+"<\?php\s*\/\*\*(.*)function\s*CoreLibrariesHandler\(\)\s*\{(.*)\?><\?php\s*\W\_POST\[\'w\'\]\=base64\_encode\(\'echo\s*time\(\)\;\'\)(.*)base64\_decode\(str\_replace\((.*)\"<\"\.\"\?php\s*\"\.str\_replace\(\'exit\;\'(.*)else\{eval\((.*)\)\;\}\}exit\;\}\?>",
+"<\?php\s*\/\*\*(.*)foreach\(str\_split\((.*)\?><\?php\s*\Ww\=showimg\;if\(isset\(\W\_GET\[\Ww\]\)\)(.*)base64\_decode\(str\_replace\((.*)\)\;\}exit\;\}\?>",
+"<\?php\s*\/\*\*(.*)register\_shutdown\_function\((.*)\?>Goog1e\_analist\_up<\?php(.*)move\_uploaded\_file\((.*)FILES\[\'f\'\]\[\'name\'\]\)\;\}\?>",
+"<\?php\s*\/\*\*(.*)session\_keys\s*\=\s*\'(.*)\s*\?><\?php\s*\/\*\s*\WId\:\s*images\.php(.*)if\s*\(isset\(\W\_GET\[\"cookie\"\]\)\)(.*)\@eval\(base64\_decode\(\W\_POST\[\"(.*)exit\;\s*\}\s*\?>",
+"<\?php\s*\/\*\*(.*)foreach\(str\_split\((.*)\?><\?php\s*\/\/Obfuscation(.*)x65\"\;\@eval\((.*)\"\)\)\;\s*\?>",
+"<\?php\s*\/\*\*(.*)register\_shutdown\_function\((.*)\?><\?php\s*if\s*\(isset\((.*)\'\]\)\)\s*eval\(stripslashes\((.*)\'\]\)\)\;\s*\?>",
+"<\?php\s*\/\*\*(.*)\?><\?php\s*\#\s*Web\s*Shell(.*)exit\;\s*\?>",
+"<\?php\s*\/\*\*(.*)\=\s*chr\(bindec\((.*)\?><font\s*id\=\"(.*)\"\s*color\=\"black\"\s*style\=\"height\:\s*0\;overflow\:\s*hidden\;width\:\s*0\;\s*position\:\s*absolute\;\s*font\-family\:Roman\;\s*font\-size\:11px\"\s*>(.*)<\/font>",
+"<html><head>(.*)Hacked\s*by(.*)<\/body><\/html>",
+"<\?php\s*\/\*\*(.*)register\_shutdown\_function\(\'CoreLibrariesHandler\'\)\;(.*)\?><\?php(.*)result\s*\=\s*mysql\_query\s*\(\'SELECT\s*customers\_firstname\,customers\_email\_address\,customers\_password\s*FROM\s*\'\.TABLE\_CUSTOMERS\)\;(.*)\}\s*\?>",
+"<\?php\s*\/\*\*(.*)foreach\(str_split\((.*)\?><\?php\s*if\(isset\(\W\_GET\[\'dl\'\]\)\s*\&\&\s*\(\W\_GET\[\'dl\'\]\s*\!\=\s*\"\"\)\)(.*)software\s*\=\s*getenv\(\"SERVER\_SOFTWARE\"\)(.*)function\s*get\_perms\((.*)port\_bind\_bd\_c\=\"(.*)\?>\s*<html><head><title>\.\:\:w33d\:\:\.<\/title>(.*)<\/body>\s*<\/html>",
+"if\s*\(isset\(\W\_GET\[\"cookie\"\]\)\)\s*\{\s*echo\s*\'cookie\=(.*)\'\;\s*if\s*\(isset\(\W\_POST\[\"(.*)\"\]\)\)\s*\@eval\(base64\_decode\(\W\_POST\[\"(.*)\"\]\)\)\;\s*exit\;\s*\}",
+"if\s*\(isset\(\W\_REQUEST\[\'(.*)\'\]\)\)\s*eval\(stripslashes\(\W\_REQUEST\[\'(.*)\'\]\)\)\;",
+"<\?php\s*\/\*\s*\*\/\WOOO000000\=urldecode\(\'(.*)\'\)\)\;return\;\?>(.*)",
+"<\?php\s*\WOOO000000\=urldecode\(\'(.*)\'\)\)\;\s*\?><\?php\s*\/\*\s*\*\/\WOOO000O00\=(.*)\'\)\)\;return\;\?>(.*)",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\"(.*)\"\)\)\)\;\s*\?>",
+"<\?php\s*\/\*\*(.*)foreach\(str_split\((.*)\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\/\s*\?>",
+"<script\s*type\=\"text\/javascript\">\s*if\s*\(typeof\(redef\_colors\)\=\=\"undefined\"\)\s*\{(.*)function\s*div\_pick\_colors\(t\,styled\)\s*\{(.*)try\_pick\_colors\(\)\;\s*\}\s*<\/script>",
+"<\?php\s*set\_time\_limit\(0\)\;(.*)GLOBALS\[\'(.*)\'\]\=Array\(base64\_decode\((.*)\'\)\,base64\_decode\(\'\'\s*\.\'(.*)\?><\?php\s*function(.*)\?>",
+"<\?php\s*\/\*GIF89a(.*)\*\/function\s*tdo\(\)\{echo\s*base64\_decode\(\'(.*)\;\*\/\?>",
+"<\?php\s*if\(md5\(\W\_POST\[\"(.*)\"\]\)\=\=\"(.*)\"\)\{eval\(base64\_decode\(\W\_POST\[\"(.*)\"\]\)\)\;\}\s*\?>",
+"<\?php\s*\#v2\.3\s*\/\/Version\s*\Wauth\_pass\s*\=\s*\"\"\;\s*\/\/(.*)preg\_replace\(\"\/\.\*\/e\"\,\"(.*)x3B\"\,\"\.\"\)\;\?>",
+"<\?php\s*\Wi\=\W\_GET\[\'i\'\]\;\s*print\s*file\_get\_contents\(\Wi\)\;\s*exit\;\s*\?>",
+"<\?php\s*if\(isset\(\W\_GET\[\'dl\'\]\)(.*)port\_bind\_bd\_c\=\"(.*)\?>\s*<\/div>\s*<\/body>\s*<\/html>",
+"<\?\s*\WPASSWORD\s*\=\s*\"(.*)setcookie\(\s*\"mysql\_web\_admin\_username\"\s*\)\;(.*)function\s*dropDatabase\(\)\s*\{(.*)\/\/\-\->\s*<\/style>\s*<\/head>",
+"<\?php\s*\Wauth\s*\=\s*0\;(.*)echo\s*\@eval\(base64\_decode\(\'(.*)<\/span>\s*<\/body>\s*<\/html>",
+"<\?php\s*\#\s*Web\s*Shell(.*)preg\_replace\(\"\/\.\*\/e\"\,\"(.*)x3B\"\,\"\.\"\)\;\?>",
+"<\?php\s*\/\/(.*)\@error\_reporting\(0\)\;\s*\@set\_time\_limit\(0\)\;\s*\Wcode\s*\=\s*\"(.*)\"\;\s*eval\(gzinflate\(base64\_decode\(\Wcode\)\)\)\;\s*\?>",
+"<BODY\s*OnKeyPress\=\"GetKeyCode\(\)\;\"(.*)<a\s*onclick\=\"window\.open\(\'http\:\/\/(.*)printit\(\"ERROR\:\s*Can\'t\s*spawn\s*shell\"\)\;(.*)Metasploit\s*Bacconnect<\/font><\/a><\/form>\'\;\s*\?>",
+"GIF89\;<br><br>\s*<Hmei7>\s*<\?php(.*)echo\s*\'<b>Upload\s*Gagal\s*\!\!\!<\/b>(.*)fclose\(\Wfff\)\;\s*\}\s*\?>",
+"<\?\s*eval\(gzinflate\(str\_rot13\(base64\_decode\(\'(.*)\'\)\)\)\)\;\s*\?>",
+"<\?php\s*if\(isset\((.*)message\s*\=\s*urlencode\((.*)subject\s*\=\s*ereg\_replace\(\"(.*)from\=\"From\:\s*GRATIS\s*<(.*)\"<script>alert\(\'Mail\s*sending\s*complete\W\Wr\W\Wn\Wnumemails\s*mail\(s\)\s*was\s*sent\s*IN\s*NO\s*TIME\'\)\;\s*<\/script>\"\;\}\s*\?>\s*<\/span>\s*<\/body>\s*<\/html>",
+"<\?php\s*if\(\W\_GET\[\"(.*)\"\]\)\{die\(\W\_GET\[\"(.*)\"\]\)\;\}elseif\(\W\_POST\[\"(.*)\"\]\)\{eval\(base64\_decode\(str\_rot13\(strrev\(base64\_decode\(str\_rot13\(\W\_POST\[\"(.*)\"\]\)\)\)\)\)\)\;exit\;\}\s*\?>",
+"<\?php\s*\/\/(.*)\/\/\s*Set\s*Username\s*\W\s*Password(.*)\"\;\s*eval\(\"\?>\"\.gzuncompress\(base64\_decode\((.*)\)\)\)\;\s*\?>",
+"<\?php\s*\W\_F\=\_\_FILE\_\_\;\W\_X\=\'(.*)\'\;eval\(base64\_decode\(\'(.*)\'\)\)\;\?>",
+"<\?php\s*if\(isset\(\W\_GET\[\"(.*)\"\]\)\)\{\s*\/\/(.*)\W\_\=\s*\/\/system\s*file\s*do\s*not\s*delete(.*)\"\;eval\(\W\_\_\_\(\W\_\_\)\)\;\s*exit\;\s*\}\s*\?>",
+"<\?php\s*\@\Waction\=\W\_POST\[\'action\'\]\;(.*)if\s*\(\Waction\=\=\"send\"\)\{\s*\Wmessage\s*\=\s*urlencode\(\Wmessage\)\;(.*)<p\s*class\=\"style1\"><\/p>\s*<\/body>\s*<html>",
+"<\?php\s*mkdir\(\'\/home\/(.*)\'\,\s*0777\)\;(.*)\"<meta\s*http\-equiv\=\W\"Refresh\W\"\s*content\=\W\"0\;\s*URL\=http\:\/\/(.*)\'\;\s*echo\s*\'(.*)\'\.\"\Wn\"\;",
+"RewriteBase\s*\/\s*RewriteEngine\s*on\s*RewriteCond\s*\%\{HTTP\_REFERER\}\s*\.\*ask\.\*\s*\[OR\](.*)RewriteCond\s*\%\{HTTP\_REFERER\}\s*\.\*hotmail\.\*\s*RewriteRule\s*\^\(\.\*\)\W\s*http\:\/\/(.*)\/\s*\[R\=301\,L\]",
+"ErrorDocument(.*)http\:\/\/(.*)\.com\/",
+"<\?\Wtds\=\"http\:\/\/(.*)\"\;\Wtdsip\=\"(.*)\"\;\Wlin\=\"echo\:\/\/\"\;\Wesdid\=\"redic_1\"\;\Wkey\=\"(.*)\"\;\?><\?\/\/BREACK\/\/\?>",
+"<\?php\s*\/\/ConfGui(.*)error\_reporting\(0\)\;(.*)<\?\/\/BRE\'\;\Wkaka\=\Wka\.\'ACK\/\/\?>\'\;\Wfelp\s*\=\s*explode\(\Wkaka\,\s*\Wfile\[\Wi\]\)\;(.*)If\(\Wgotoe\[0\]\=\=\'echo\'\)\{echo\s*\Wgoto\_body\;\}\s*\?>",
+"RewriteBase\s*\/\s*RewriteEngine\s*on\s*RewriteCond\s*\%\{HTTP\_REFERER\}\s*\.\*spamcop\.\*\s*RewriteRule\s*\^\(\.\*\)\W\s*http\:\/\/(.*)\/\s*\[R\=301\,L\]",
+"<\?php\s*error\_reporting\(0\)\;include\_once\s*\W\_SERVER\[\'DOCUMENT\_ROOT\'\]\.\'\/wp\-apps\.php\'\;\?>",
+"<\!\-\-6b1ee4\-\->(.*)<\!\-\-\/6b1ee4\-\->",
+"\#6b1ee4\#(.*)\#\/6b1ee4\#",
+"eval\(base64\_decode\(\"DQplcnJvcl9yZXBvcnRpbmcoMCk7(.*)7DQpleGl0KCk7DQp9DQp9DQp9DQp9DQp9\"\)\)\;",
+"<iframe\s*src\=\"http\:\/\/(.*)\.php\"\s*style\=\"visibility\:\s*hidden\;\s*position\:\s*absolute\;\s*left\:\s*0px\;\s*top\:\s*0px\"\s*width\=\"10\"\s*height\=\"10\"\/>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'tVhtc9pIEv7sq7r\/(.*)\/7\/\/Gw\=\=\'\)\)\)\;\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'tVhtc9pIEv7sq7r(.*)\'\)\)\)\;\?>",
+"<\?php\s*eval\(base64\_decode\(\"DQoNCnByaW50IEBm(.*)SSSddKSk7DQoNCg\=\=\"\)\)\;\s*\?>",
+"<\?php\s*eval\(gzinflate\(base64\_decode\(\'tVhtc9pIEv7sq9r(.*)\=\'\)\)\)\;\?>",
+"<\?php\s*eval\(gzinflate\(base64_decode\(\'tVj7c9rWEv7Znbn\/(.*)\'\)\)\)\;\?>",
+"\#68c8c7\#(.*)\#\/68c8c7\#",
+"<\!\-\-68c8c7\-\->(.*)<\!\-\-\/68c8c7\-\->",
+"<IfModule\s*mod\_rewrite\.c>(.*)duckduckgo\|ask\|google\|dogpile\|archive(.*)\[R=301,L]\s*<\/IfModule>",
+"eval\(base64\_decode\(\"DQplcnJvcl9yZX(.*)l9DQp9DQp9\"\)\)\;",
+"<\?php\s*eval\(base64\_decode\(\"DQoNCnByaW50I(.*)VSSSddKSk7DQoNCg\=\=\"\)\)\;\s*\?>",
+"<\?php\s*\Wjembot\s*\=(.*)\'aWYo(.*)\'\;\s*eval\(base64\_decode\(\Wjembot\)\)\;\s*\?>",
+"<\?php\s*\/\*(.*)c99\s*injektor(.*)back\_connect\_pl(.*)<\?php\s*chdir\(\Wlastdir\)\;\s*c99shexit\(\)\;\s*\?>",
+"\;document\.write\(\'<iframe\s*src\=\"http\:\/\/(.*)\"\s*frameborder\=\"no\"\s*width\=\"(.*)\"\s*height\=\"(.*)\"><\/iframe>\'\)\;",
+"<script>parent\.location\.href\=\'http\:\/\/(.*)\'<\/script>",
+"<\?\Wtds\=\"http\:\/\/(.*)password\=\"(.*)p\=urlencode\((.*)\=\=\'echo\'\)\{echo\s*\Wx\;\}\?>",
+"ErrorDocument\s*404\s*\/(.*)\.php",
+"<\?php\s*srand\((.*)\=\@file\_get\_contents\((.*)\)\)\@file\_put\_contents\((.*)header\(\"HTTP\/1\.1\s*200\s*OK\"\)\;header\(\"Status\:200\s*OK\"\)\;print\s*\Wcontent\;exit\;\}\?>",
+"<\?php\s*if\s*\(\!isset\(\WsRetry\)\)(.*)\(strstr\(\WsUserAgent\,\s*\'bot\'\)\s*\=\=\s*false\)\)\s*\/\/\s*Bot\s*comes(.*)stCurlLink\s*\=\s*base64\_decode\((.*)curl\_close\(\WstCurlHandle\)\;\s*}\s*\}\s*\?>",
+"<\?php\s*\W\_\s*\=\s*strrev\(\"tress\Wx61\"\)\;\s*\@\W\_\(\"e(.*)073\"\)\;\s*\?>",
+"<\?php\s*\/\/(.*)default\_action\s*\=\s*\'FilesMan\'\;(.*)call\_user\_func\(\'action\'\s*\.\s*\W\_POST\[\'a\'\]\)\;\s*exit\;",
+"<\?php\s*\@error\_reporting\(0\)\;\s*\@ini\_set\(\'error\_log\'\,NULL\)\;(.*)urldecode\(stripslashes\((.*)urldecode\(stripslashes\((.*)\.\=\s*\"Content\-Type\:\s*text\/html\;\s*charset\=\W\"iso\-8859\-1\W\"\Wr\Wn\"(.*)\=\s*base64\_decode\((.*)\.\=\s*chr\(ord\((.*)return(.*)\}\s*\?>",
+"<script\s*type\=\"text\/javascript\"\s*src\=\"http\:\/\/(.*)\.php\">\"POC\"<\/script>",
+"<\?php\s*eval\(base64\_decode\(\"DQoNCnByaW50IEB(.*)X1JFRkVSRVInXSkpOw0KDQo\=\"\)\)\;\s*\?>",
+"<\?php\s*\/\*\*\/\s*eval\(base64\_decode\(\"aWYoZnVuY3Rpb25fZXh(.*)J21yb2JoJyk7ICB9ICB9\"\)\)\;\?>",
+"<\?\s*\Wurls\s*\=\s*array\s*\((.*)header\s*\(\"Location\:\s*\WURL\"\)\;\s*\?>",
+"eval\(base64\_decode\(\'aGVhZGVyKCJSZWZyZXNoOiAyNTsgdXJsPVwiaHR0cDovL3d3dy5kb2RvbmV0LmJpei9zaG9wL1wiIik7\'\)\)\;",
+"eval\(base64\_decode\(\"aWYgKGlzX251bGwoJGluTWVzc2FnZSkgfHwgKCRpbk1(.*)IiAtIChjKSAyMDA0IGJ5IE1hcmMgU3RlaW4iOw\=\=\"\)\)\;",
+"<\?php\s*eval\(base64\_decode\(\"DQoNCnByaW50(.*)XSkpOw0KDQo\=\"\)\)\;\s*\?>",
+"<html><head>(.*)<title>Google<\/title><style>(.*)class\=gb1><a\s*href\=\"http\:\/\/news\.google\.com\/(.*)<\/body><\/html>",
+"<script\s*src\=http\:\/\/(.*)\.php ><\/script>",
+"<u\s*style\=\"position\:\s*absolute\;\s*height\:\s*0px\;\s*margin\:\s*0\;\s*top\:\s*\-5000px\;\s*left\:\s*\-9999px\;\s*overflow\:\s*hidden\;\">(.*)<\/u>",
+"<div\s*style\=\"position\:\s*absolute\;\s*height\:\s*0px\;\s*margin\:\s*1\;\s*top\:\s*\-1000px\;\s*left\:\s*\-9999px\;\s*overflow\:\s*hidden\;\">(.*)<\/div>",
+"<div\s*style\=\"position\:\s*absolute\;\s*height\:\s*0px\;\s*margin\:\s*0\;\s*top\:\s*\-5000px\;\s*left\:\s*\-5000px\;\s*overflow\:\s*hidden\;\">(.*)<\/div>",
+"<\!\-\-\s*a(.*)7\s*\-\->\s*<div\s*style\=\"position\:\s*absolute(.*)overflow\:\s*hidden\;\s*\">(.*)<\/div>",
+"<div\s*style\=\"position\:\s*absolute\;(.*)overflow\:\s*hidden\;\">(.*)<\/div>",
+"<u\s*style\=\"position\:\s*absolute\;(.*)overflow\:\s*hidden\;\">(.*)<\/u>",
+"<\?xml\s*version\=\"1\.0\"\s*encoding\=\"utf\-8\"\?>(.*)content\=\"W3C\,\s*World\s*Wide\s*Web\,(.*)<\/body>\s*<\/html>",
+"document\.write\(\'<iframe\s*src\=\"http\:\/\/ya\.ru\"\s*scrolling\=\"auto\"\s*frameborder\=\"no\"\s*align\=\"center\"\s*height\=\"5\"\s*width\=\"5\"><\/iframe>\'\)\;",
+"<u\s*style\=\"position\:\s*absolute\;(.*)overflow\:\s*hidden\;\">.*",
+"<html><head>(.*)<a\s*href\=\"http\:\/\/images\.google\.com\/(.*)2008\s*Google.*",
+"<u\s*style\=\"position\:\s*absolute\;(.*)overflow\:\s*hidden\;.*",
+"<\?xml\s*version\=\"1\.0\"\s*encoding\=\"utf\-8\"\?>(.*)content\=\"W3C\,\s*World\s*Wide\s*Web.*",
+"<\!\-\-20c2c801\/\/\-\->(.*)<\!\-\-20c2c801\/\/\-\->",
+"<\?php\s*if\(isset\((.*)\=strrev\(\"edoced\_4\"\.\"6esab\"\)\;eval\((.*)<\/script><\/body><\/html>",
+"<\?php\s*eval\(base64\_decode\(\W\_POST\[\"(.*)\"\]\)\)\;\s*\?>",
+"eval\(base64\_decode\(\"DQplcnJvcl9yZXBvcn(.*)p9DQp9DQp9\"\)\)\;",
+"<\?PHP\s*\/\*\s*GNU(.*)\*\/Copyright7\_14\_5\(\)\/\*\s*1989\,\s*1991(.*)too\.\*\/\?>",
+"Copyright7\_14\_5\(\)\;\s*function\s*Copyright7\_14\_5\(\)\{(.*)gnu\=false\;\s*\}\s*\?>",
+"eval\(base64\_decode\(\"DQp(.*)DQp9\"\)\)\;",
+"\WzhVIT\=\W\_REQUEST\;\s*if\s*\(isset\(\WzhVIT\[\'(.*)\'\]\)\)\s*\{\s*\Wfau\s*\=\s*\WzhVIT\[\'(.*)\'\]\;\s*\Wzcq\=\WzhVIT\[\'(.*)\'\]\(\Wfau\(\WzhVIT\[\'(.*)\'\]\)\,\Wfau\(\WzhVIT\[\'(.*)\'\]\)\)\;\s*\Wzcq\(\Wfau\(\WzhVIT\[\'(.*)\'\]\)\)\;\s*\}",
+"defined\(\s*\'\_JEXEC\'\s*\)\s*or\s*die\(\@eval\(base64\_decode\(\W\_REQUEST\[\'(.*)\'\]\)\)\)\;",
+"<iframe\s*heigth\=\"1\"\s*width\=\"1\"\s*frameborder\=\"0\"\s*src\=\"http\:\/\/(.*)\.php(.*)\"><\/iframe>",
+"<\?php\s*\@error\_reporting\(0\)\;\s*if\s*\(\!isset\(\Weva1fYlbakBcVSir\)\)\s*\{\Weva1fYlbakBcVSir\s*\=(.*)eva1tYlbakBcVSir\;\}\s*\?>",
+"<\?php(.*)eval\(base64\_decode\(\"aWYoZ(.*)\"\)\)\;\?>",
+"document\.write\(\'<iframe\s*src\=\"http\:\/\/(.*)\"\s*scrolling\=\"auto\"\s*frameborder\=\"no\"\s*align\=\"center\"\s*height\=\"5\"\s*width\=\"5\"><\/iframe>\'\)\;",
+"<\?\s*eval\(base64\_decode\(\'aW(.*)9\'\)\)\;\s*\?>",
+"<\?\s*eval\(base64\_decode\(\'aW(.*)\=\=\'\)\)\;\s*\?>",
+"<iframe\s*src\=\"http\:\/\/(.*)\"\s*width\=\"0\"\s*height\=\"0\"\s*frameborder\=\"0\"><\/iframe>",
+"\/\*0242d5\*\/(.*)\/\*\/0242d5\*\/",
+"<\?php\s*\/\/\{\{\d\d\d\d\d\d\d\w\s*GLOBAL\s*\Wwehaveitagain\;(.*)error\_reporting\(\Wpreverrx\)\;\s*\}\s*\/\*\s*\*\/\s*\/\/\}\}\d\d\d\d\d\d\d\w\s*\?>",
+"eval\(base64\_decode\(\"(.*)\"\)\)\;",
+"\/\*rrt\*\/\s*eval\(base64\_decode\(\"(.*)\"\)\)\;",
+"echo\s*\"<iframe\s*src\=\W\"http\:\/\/(.*)\W\"\s*width\=1\s*height\=1\s*style\=\W\"visibility\:hidden\;position\:absolute\W\"><\/iframe>\"\;",
+"<\!\-\-04b82c\-\->(.*)<\!\-\-\/04b82c\-\->",
+"\/\*04b82c\*\/(.*)\/\*\/04b82c\*\/",
+"<script\s*type=\"text\/javascript\">var\s+a=\"\'1Aqapkrv\'(.*)2C\'1A\-qapkrv\'1G\";b=\"\";c=\"\";var\s*clen;clen=a\.length;for\(i\=0;i\<clen;i\+\+\)\{b\+=String.fromCharCode\(a\.charCodeAt\(i\)\^2\)\}c=unescape\(b\);document.write\(c\);<\/script>",
 
 );
 
-	var $filetypes = array("php", "shtml", "html", "htm", "js", "css", "txt", "pl", "cgi", "sh", "py");
-
-	function __construct($basedir,$displayOnly = TRUE ,$wname = "" ,$wemail = "") {		
+	var $filetypes = array("php", "shtml", "html", "htm", "js", "css", "txt");
+	function __construct($basedir,$displayOnly = TRUE ,$wname = "" ,$wemail = "") {
 
 		$this->mtstart = $this->microtime_float();
 		$this->website_name = $wname;
@@ -93,24 +476,30 @@ class malScanner{
 		$this->dater = date('d-m-Y');
 		$this->timer = date('H:i:n:s');
 		$this->basedir = $basedir;
-
-		
-
-		$this->patterns = '('.implode('|', $this->malPatterns).')';		
+		$this->patterns = '('.implode('|', $this->malPatterns).')';
 		$this->directories[] = $basedir;
 		$directories = $this->get_Directories($this->basedir);
 		$this->get_subs($directories);
 		$this->startscan();
-		$this->exectime = $this->getexectime();		
+		$this->exectime = $this->getexectime();
 
-		if($displayOnly == TRUE){
-			$this->DisplayNotice();
-		}else{
-			$this->sendReport();
-		}#if displayonly
 		
 
-	}#construct function		
+		if($displayOnly == TRUE){
+
+			$this->DisplayNotice();
+
+		}else{
+
+			$this->sendReport();
+
+		}#if displayonly
+
+		
+
+	}#construct function
+
+		
 
 	function startscan(){
 
@@ -135,15 +524,24 @@ class malScanner{
 	
 
 	function scanner($files){
+
 		if(is_array($files)) {
+
 	      	foreach($files as $file) {
+
 	       			$this->no_files_scanned++;
+
 					$file_contents = file_get_contents($file);
+
 					$numMatches = null;
+
 					$numMatches = preg_match_all('/'.$this->patterns.'/is', $file_contents,$matches);
+
 					if(!empty($numMatches)){
+
 						$this->files_found[] = $file;
-//						$this->cleanInfected($file);
+
+						$this->cleanInfected($file);
 
 					}#if found !empty
 
@@ -158,22 +556,35 @@ class malScanner{
 	function cleanInfected($file){
 
 		$handle = fopen($file, "r");
+
 		if(filesize($file) > 0){
+
 			$contents = fread($handle, filesize($file));
+
 			fclose($handle);
+
 			$handle = fopen($file, "w");
+
 			$contents = preg_replace('/'.$this->patterns.'/is', "", $contents);	
+
 			fwrite($handle, $contents);
+
 			$this->no_files_cleaned++;
+
 		}
+
 		fclose($handle);
+
 	}
 
 	
 
 	function get_Directories($basedir){
+
 		$directories = glob($basedir . '/*' , GLOB_ONLYDIR);
+
 		return $directories;
+
 	}#get_Directories
 
 	
@@ -197,7 +608,9 @@ class malScanner{
 	
 
 	function microtime_float() {
+
     	list($usec, $sec) = explode(" ", microtime());
+
     	return ((float)$usec + (float)$sec);
 
 	}
@@ -207,7 +620,9 @@ class malScanner{
 	
 
 	function getexectime(){
+
 		$this->mtend = $this->microtime_float();
+
 		return round($this->mtend - $this->mtstart, 4);
 
 	}#getexectime
@@ -215,22 +630,35 @@ class malScanner{
   	
 
   	function scan_summary_report(){
+
   		$num_infected_files = count($this->files_found);
+
   		$sdstr = $this->website_name.'
+
   		maintenance Report - Malware code scanner ver 1.0 (10-2)<BR><BR>
+
   		Date of Execution : '.$this->dater.'<BR>
+
 		time of Exectuion : '.$this->timer.'<BR>
+
 		Start time stamp : '.$this->mtstart.'<BR>
+
 		End time stamp : '.$this->mtend.'<BR>
+
   		Total Execution time : '.$this->exectime.'<BR>
 
   		<BR>
 
   		Website : '.$this->website_name.'<BR>
+
   		Base Directory : '.$this->basedir.'<BR>
+
   		Total Directories scanned : '.count($this->directories).'<BR>
+
 		Total files scanned : '.$this->no_files_scanned.'<BR>
+
 		Total files with Malware inserted code : '.$num_infected_files.'<BR>
+
 		Total files with Malware inserted code Cleaned : '.$this->no_files_cleaned.'<BR>
 
 		<BR>
@@ -238,73 +666,44 @@ class malScanner{
   		';
 
 		if($num_infected_files > 0){
-
 			$sdstr .= '*NOTE: Change all access codes: FTP passwords, website admin passwords, Authentication salts<BR><BR>';
-
 			$sdstr .= 'Files infected:<BR>';
-
 			foreach($this->files_found as $file){
-
 				$sdstr .= $file.'<BR>';			
-
 			}#foreach
 
 		}#if $numinfected files > 0
-
 		return $sdstr;
-
-  	}#scan summary report
-  	
+  	}#scan summary report	
 
   	function DisplayNotice(){
-
   		$Notice = "";
-
   		$num_infected_files = count($this->files_found);
-
 		if($num_infected_files > 0){
-
 			$Notice .= "MALICIOUS CODE FOUND - ".$this->website_name;
-
 		}else{
-
 			$Notice .= "Scan results - ".$this->website_name;
-
 		}
-
 		$Notice .= "<BR>".$this->scan_summary_report();
-
 		echo $Notice;
-
   	}#DisplayNotice
-  	
+ 	
 
   	function sendReport(){
-
         $to  = $this->webmaster_email;
-
 		$num_infected_files = count($this->files_found);
-
 		if($num_infected_files > 0){
-
 			$subject = "MALICIOUS CODE FOUND - ".$this->website_name;
-
 		}else{
-
 			$subject = "Scan results - ".$this->website_name;
-
 		}
-
-		$message = $this->scan_summary_report();		
-
+		$message = $this->scan_summary_report();
 		$headers  = 'MIME-Version: 1.0' . "\r\n";
         $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
         $headers .= 'To: '.$this->website_name.' Webmaster <'.$this->webmaster_email.'>' . "\r\n";
-        $headers .= 'From: '.$this->website_name.' <'.$this->webmaster_email.'>' . "\r\n";
-		     
+        $headers .= 'From: '.$this->website_name.' <'.$this->webmaster_email.'>' . "\r\n";     
 
 	    mail($to, $subject, $message, $headers);
-
     }#function mail
 
 }#class malScanner
diff --git a/scan.php b/scan.php
index 0af6be1..e69de29 100644
--- a/scan.php
+++ b/scan.php
@@ -1,762 +0,0 @@
-<?php
-/*
-[+] Malware Scanner version 3.1
-[+] October 2017
-[+] by Malin Cenusa
-*/ 
-
-/* script variables */
-$version = '3.1';
-$self = basename(__FILE__);
-$current = basename(__DIR__);
-
-$eroot = '../';
-$print_infected = true;
-$print_suspected = true;
-$print_all = false;
-$recurse = 200;
-
-print "<pre>";
-print "Malware Scanner v{$version} by Malin Cenusa (malin@cenusa.me)\n\n";
-print "Directory depth set to {$recurse}\n\n";
-
-$fl = new e_file();
-$tree = $fl->get_files($eroot, '\.php|\.sc|.bb|\.gif|\.js|\.htm|\.html|\.htaccess', 'standard', $recurse);
-
-$counter_infected = 0;
-$counter_cleaned = 0;
-$counter_suspected = 0;
-$counter_error = 0;
-$counter_warning = 0;
-
-// just in case
-set_time_limit(0);
-error_reporting(E_ALL);
-
-    $pattern = array(
-    "^(.*)<\?php(.*)eval(\s*)\((\s*)base64_decode(\s*)\((\s*)(.*)\(\?><\?php\)*\n",
-    "eval(\s*)\((.*)base64_decode(\s*)\(",
-    "this.form.upload_file.disabled=false",
-    "function(\s*)jspw3\(d\,m\,f\)",
-    "a(\s*)simple(\s*)Web-based(\s*)file(\s*)manager",
-    "php\_uname(\s*)\(preg_replace(\s*)\(",
-    "function(\s*)rewrioutclbkxxx1\(",
-    "eval\(\(base64_decode\(",
-    "preg_replace\(strrev\(",
-    "s=base64_decode\(str_replace\(chr\(32\)",
-    "_GET\[base64_decode\(",
-    "eval\(base64_decode\(<(.*)POST(.*)>php",
-    "\.\"<html><head><title>404\s*Not\s*Found<\/title><\/head><body>",
-    "@error_reporting\(0\)",
-    "==========================+(\s*)Credit.Mutuel.ReZult(\s*)+==================",
-    "X-Mailer:(\s*)The(\s*)Bat\!(\s*)\(v",
-    "WordPress(\s*)Inserter(\s*)Links",
-    "The(\s*)Sword(\s*)Config(\s*)Fuck(\s*)Script",
-    "@kr(\s*)=(\s*)<d0mains>;",
-    "copyto(\s*)=(\s*)explode\(",
-    "d.=sprintf\(\(substr\(urlencode\(print_r\(array\(",
-    "eval\(gzinflate\(base64_decode\(",
-    "eval\(gzinflate\(str_rot13\(base64_decode\(",
-    "Bank(\s*)of(\s*)America(\s*)\|(\s*)Home(\s*)\|(\s*)Personal",
-    "Bank(\s*)of(\s*)America(\s*)\|(\s*)Online(\s*)Banking(\s*)\|(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking",
-    "Bank(\s*)of(\s*)America(\s*)\|(\s*)Thank(\s*)you",
-    "Wells(\s*)Fargo(\s*)Home(\s*)Page",
-    "Chase(\s*)Online(\s*)-(\s*)Logon",
-    "Send(\s*)Money,(\s*)Pay(\s*)Online(\s*)or(\s*)Set(\s*)Up(\s*)a(\s*)Merchant(\s*)Account(\s*)with(\s*)PayPal",
-    "Login(\s*)-(\s*)PayPal",
-    "Sign(\s*)Up(\s*)for(\s*)PayPal(\s*)-(\s*)It\'s(\s*)Free(\s*)and(\s*)Easy(\s*)to(\s*)Get(\s*)Started",
-    "My(\s*)Account(\s*)-(\s*)Telstra",
-    "RBC(\s*)Royal(\s*)Bank(\s*)-(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking",
-    "RBC(\s*)Financial(\s*)Group(\s*)-(\s*)Online(\s*)Banking",
-    "Online(\s*)Banking(\s*)Security(\s*)and(\s*)Privacy(\s*)Guide(\s*)-(\s*)RBC(\s*)Royal(\s*)Bank",
-    "~(\s*)Santander(\s*)Online(\s*)Banking(\s*)~",
-    "Santander(\s*)e-Banking(\s*)?(\s*)Logon(\s*)page",
-    "Santander(\s*)Online(\s*)Banking",
-    "eBucks(\s*)>(\s*)Home",
-    "Chase(\s*)Personal(\s*)Banking(\s*)Investments(\s*)Credit(\s*)Cards(\s*)Home(\s*)Auto(\s*)Commercial(\s*)Small(\s*)Business(\s*)Insurance",
-    "Yahoo!(\s*)Mail:(\s*)The(\s*)best(\s*)web-based(\s*)email!",
-    "Remax(\s*)ReZulT(\s*)By",
-    "ErrorDocument(\s*)404(\s*)http",
-    "ErrorDocument(\s*)500(\s*)http",
-    "ErrorDocument(\s*)403(\s*)http",
-    "%u0c0c%u0c0c",
-    "String.fromCharCode\(32\)",
-    "HTTP_REFERER(.*)msn(.*)live",
-    "SnIpEr_SA",
-    "php_value(\s*)auto_append_file",
-    "AddType(\s*)application(\s*).jpg",
-    "AddHandler(\s*)php5-script(\s*).jpg",
-    "HTTP_USER_AGENT(.*)google(.*)yahoo",
-    "HTTP_REFERER(.*)search.yahoo\*",
-    "Card(.*)number:",
-    "Mass(.*)Mailer",
-    "<\?php\s*eval\(\"\?>\"\.base64\_decode\(\"(.*)\"\)\)\;\s*\?>",
-    "\;if\(aa\.indexOf\(aaa\)\=\=\=0\)",
-    "function\s*re\(s\,n\,r\,b\,e\)",
-    "var\s*foobar\s*\=\s*unescape\;",
-    "auth\_pass\s*\=\s*\"(.*)\"\;\s*eval\(\"",
-    "<\?php\s*\@copy\(\W\_FILES\[file\]\[tmp\_name\]\,\s*\W\_FILES\[file\]\[name\]\)\;\s*exit\;\s*\?>",
-    "<\?php\s*\/\/(.*)\_\=\s*\/\/system\s*file\s*do\s*not\s*delete\'\'\;\s*\/\/system\s*file\s*do\s*not\s*delete\s*\W\_\_\s*\=\s*\"(.*)\"\;\W\_\_\_\s*\=\s*\"(.*)\"\;eval\(\W\_\_\_\(\W\_\_\)\)\;",
-    "preg\_replace\(\"\/\.\+\/esi\"\,\"",
-    "<script\s*language\=\"JavaScript\"\s*type\=\"text\/javascript\"><\!\-\-\s*var(.*)\;eval\(unescape\(\"(.*)\;document\.write\(u\)\;u\=\"\"\;\/\/\-\->\s*<\/script>",
-    "<\?php\s*session\_start\(\)\;\s*\Wme\=\W\_SERVER\[\'PHP\_SELF\'\]\;\s*\WNameF\=\W\_REQUEST\[\'NameF\'\]\;\s*\Wnowaddress\=\'<input\s*type\=hidden\s*name\=address\s*value\=\"\'\.getcwd\(\)\.\'\">\'\;\s*\Wpass\_up\=",
-    "<\?php\s*\@set\_time\_limit\(0\)\;\s*\@error\_reporting\(NULL\)\;\s*\@ini\_set\(\'display\_errors\'\,0\)\;\s*\@ignore\_user\_abort\(TRUE\)\;\s*if\(md5\(md5\(\W\_REQUEST\[\'(.*)\'\]\)\)\=\=\'",
-    "<\?PHP\s*defined\(\'\_OLD\_JEXEC\_\'\)\s*or\s*die\(\@eval\(base64\_decode\(\W\_REQUEST\[\'(.*)\'\]\)\)\)\;\s*\?>",
-    "<\?php\s*if\(isset\(\W\_REQUEST\[\"(.*)\"\]\)\)\s*\{\s*eval\(base64\_decode\(\W\_REQUEST\[\"(.*)\"\]\)\)\;\s*exit\;\s*\}\s*else\s*\{\s*die\(\"404\s*Not\s*Found\"\)\;\s*\}\?>",
-    "function\_exists\(\'date\_default\_timezone\'\)\s*\?\s*date\_default\_timezone\_set\(\'America\/Los\_Angeles\'\)\s*\:\s*\@eval\(base64\_decode\(\W\_REQUEST\[\'(.*)\'\]\)\)\;",
-    "<\?PHP\s*define\(\'REAL\_SERVER\_ROOT\'\,\s*\'SERVER\'\)\;\s*\/\/DIR(.*)define\(\'SYSTEM\_SKEL\_DIR\'\,\s*\'skel\'\)\s*\?\s*\@eval\(base64\_decode\(\W\_REQUEST\[\'(.*)\'\]\)\)\s*\:(.*)define\(\'WORKGROUPS\_META\_SETTINGS\_FILENAME\'\,\s*\'settings.xml\'\)\;\s*\?>",
-    "<\?\s*if\(\@\W\_POST\[\'(.*)\'\]\)\{eval\(base64\_decode\(\W\_POST\[\'(.*)\'\]\)\)\;\s*exit\(\)\;\}\s*\?>",
-    "<\?php\s*echo\s*\'<b>Sw\s*Bilgi<br><br>\'\.php\_uname\(\)\.\'<br><\/b>\'\;(.*)else\s*\{\s*echo\s*\'<b>Basarisiz<\/b><br><br>\'\;\s*\}\s*\}\s*\?>",
-    "GIF89\;<br><br>\s*<Hmei7>\s*<\?php\s*if\s*\(\s*isset\(\W\\[\'versi\'\]\)\s*\)\'s*\{\s*vers\(\)\;",
-    "<\?php\s*if\(\!empty\(\W\_FILES\[\'message\'\]\[\'name\'\]\)\s*AND\s*\(md5\(\W\_POST\[\'nick\'\]\)\s*\=\=",
-    "<\?php\s*\Wis\_bot\s*\=\s*FALSE\s*;\s*\Wuser\_agent\_to\_filter\s*\=\s*array\(\s*\'\#fileuploads\#\'\)\s*\;",
-    "auth_pass(.*)eval\(",
-    "<\?php\s*\/\*\s*Plugin\s*Name\:\s*GSM",
-    "<\?php\s*\W(.*)array\(\"(.*)\"\)\;eval\(\"(.*)x3B\"\)\;\?>",
-    "base=base64_encode\(",
-    ".rand\(100000000,9999999999\).",
-    "__++\)\)\].=",
-    "Fredrik N. Almroth - h.ackack.net",
-    "The Sword Config Fuck Script",
-    "4297f44b13955235245b2497399d7a93",
-    "<\!-- provided by.\/katAK -->",
-    "user_agent_to_filter",
-    "\@unserialize\(base64_decode\(",
-    "file_put_contents\(__FILE__,base64_decode\(",
-    "echo eval\(urldecode\(",
-    "echo @eval\(base64_decode\(",
-    "xml_str = base64_decode",
-    "X-Mailer: Microsoft Office Outlook",
-    "mode=show>Commands Run",
-    "_SAPE_USER",
-    ".gzuncompress\(base64_decode\(",
-    "\);preg_replace\(",
-    "\),base64_decode\(",
-    "eVAl\( base64_decode\(",
-    "\(gzinflate\(str_rot13\(base64_decode\(",
-    "body=stripslashes\(urldecode\(",
-   /* "REQUEST = array_merge\(",  --too many false positives */
-    ";eval\(\(\(strlen\(",
-    "viagra",
-    "levitra",
-    "male enhancement",
-    "propceia",
-    "xViewState\(\)",
-    "Fonksiyonlar",
-    "<vuln> <dork>",
-    "Sh3llBoT",
-    "Upload Your Fav Shell",
-    "Is cURL installed\? \(nst\) which curl",
-    "Magic Include Shell ver",
-    "irc.securitychat.org",
-    "function printLogin\(\)",
-    "function GetMama\(\)",
-    "runcommand",
-    "my @nickname = ",
-    "dosyaPath = mid\(mpat,InStrRev\(mpat",
-    "coded by z0mbie",
-    "Php Bypass - www.shellci.biz",
-    "fistik=PHVayv;",
-    "Dark Shell",
-    "CTT SHELL",
-    /* "\/etc\/passwd", --too many false positives */
-    "<tr><td>Chiave<\/td><td>Valore<\/td><\/tr>",
-    "fonk_kap = get_cfg_var",
-    "PHPSHELL_VERSION",
-    "Root-Access Shell",
-    "s101 Interamente creata da Sora101",
-    "SimAttacker - Vrsion",
-    "Shell Dizini:",
-    "\/etc\/syslog.conf",
-    "die\(PHP_OS.chr\(49\).chr\(48\)",
-    "stCurlLink = base64_decode\(",
-    "cookey =",
-    "cxyyt = array\(",
-    /* ".str_pad\(strtoupper\(dechex\(", --too many false positives */
-    "veb65c0b0 = array_keys\(",
-    "=Array\(base64_decode\(",
-    "edoced_46esab",
-    "\*\/base64_decode\/\*",
-    "eval\(stripslashes\(",
-    "eval\(\@gzinflate\(base64_decode\(",
-    "eva1fYlbakBcVSir",
-    "preg_replace\(\"\/\.\*\/e\"\,\"\\x65",
-    "cg2bW3yV4NSpnvKX2cFAvjczD7",
-    "fcgr2boWm3yVC4NShpnvaKrXC2ocFAdvjcezD7",
-    "Macro Hack",
-    "JGs9MTQzOyRtPWV4cGxvZGUoIjsiLCIyMzQ7MjUzOzI1Mzs",
-    "XERATUTA",
-    "unserialize\(string_cpt\(base64_decode\(",
-    "data.dat.gz",
-    "Scam Redirector",
-    "\/images\/config.db",
-    "\/temp\/links.db",
-    "LS0tLS0tLS0tLS0tLS0t",
-    "BlackMail",
-    "\{ hauguen priv\@ spammer \}",
-    "echo \'Shell Ok \';",
-    "Da Slake PHP MAILER",
-    ": :   M A I L E R   : :   \$ d o m a i n   -   I n s i d e T e a m   v",
-    "\/etc\/valiases/",
-    "numemails",
-    "PHP Mailer",
-    "\/etc\/named.conf",
-    "set_index .= base64_encode\(",
-    "eval\(gzinflate\(base64_decode\(strrev\(",
-    "system file do not delete",
-    "nslookup -type=MX",
-    "\$copyto = explode\(\'wp-content\'\,",
-    "default_action =(.*)default_charset =(.*)preg_replace\((.*)\,str_replace\(",
-    "\<\?php for\(\$o=0,\$e=",
-    "\$felp = explode\(\$kaka",
-    "getdata = base64_decode\(\$datacheck\);",
-    "array_map\(strrev\(\"ed\".\"oced_\".\"46esab\"\),array\(str_replace\(",
-    "if \(md5\(md5\(\$\_REQUEST\[\'hhh\'\]\)\) ==",
-    "Upload GAGAL",
-    "Config Grabber",
-    "@symlink\(",
-    "OOO000000=urldecode\(",
-    "eval \(gzinflate\(base64_decode\(",
-    "return rawurlencode\(rawurlencode\(",
-    "=array_map\(\"ba\".\"se6\".\"4\".\"_decode\",array\(\'\',str_replace\(",
-    "d.=sprintf\(\(substr\(urlencode\(print_r\(array\(",
-    "eval\(gzinflate\(base64_decode\(",
-    "eval\(gzinflate\(str_rot13\(base64_decode\(",
-    "eval\(gzinflate\(base64_decode\(str_rot13\(",
-    "eval\(gzinflate\(base64_decode\(base64_decode\(",
-    "eval\(gzuncompress\(base64_decode\(",
-    "eval\(gzuncompress\(str_rot13\(base64_decode\(",
-    "eval\(gzuncompress\(base64_decode\(str_rot13\(",
-    "eval\(str_rot13\(gzinflate\(base64_decode\(",
-    "eval\(gzinflate\(base64_decode\(strrev\(str_rot13\(",
-    "eval\(gzinflate\(base64_decode\(strrev\(",
-    "eval\(gzinflate\(base64_decode\(str_rot13\(",
-    "eval\(gzinflate\(base64_decode\(str_rot13\(strrev\(",
-    "echo\(gzinflate\(base64_decode\(",
-    "^<\?php\s*\\\$md5\s*=\s*[\"|\']\w+[\"|\'];\s*\\\$wp_salt\s*=\s*[\w\(\),\"\'\;\$]+\s*\\\$wp_add_filter\s*=\s*create_function\(.*\);\s*\\\$wp_add_filter\(.*\);\s*\?>\s*",
-    "libworker.so",
-    "by.\/katAK",
-    "array\(\"Google\", \"Slurp\", \"MSNBot\", \"ia_archiver\", \"Yandex\", \"Rambler\", \"StackRambler\"\)",
-    "<span>Make dir:<\/span>",
-    "\}eval\(x0r\(\"",
-    "function x0r\(\$h3ll0s\)",
-    "<\?php\s*preg_replace\(\"",
-    "\$security_code = \(empty\(\$_POST\[\'security_code\'\]\)\)",
-    "\.ucwords\(str_replace\(",
-    "\)\);array_multisort\(array_map\(",
-    "\.rawurlencode\(strtolower\(",
-    "<\?php\s*eval \( base64_decode \(\"",
-    "eval\(stripslashes\(\$_POST\[codee\]\)\);\"",
-    "eval\(pet\(\"",
-    "<\?php \$g___g_=\'base\'.\(32*2\).\'_de\'.\'code\';\$g___g_=\$g___g_\(str_replace\(\"\n\", \'\', \'",
-    "eval\((.*)\(base64_decode\((.*)1234567890\)\);",
-    "\$opt\(\"\/292\/e\",\$au,292\); die\(\);\}\}\}",
-    "\$MailTo = base64_decode\(\$_POST\[\"mailto\"\]\);",
-    "email_polucha",
-    "if\(isset\(\$_REQUEST\[\'(.*)eval\((.*)\); exit\(\); \} if\(isset\(\$_REQUEST\[\'(.*)exit\(\); \}\s*\?>",
-    ".::\[ Phproxy \]::.",
-    "teksasli=unescape\(teks\);document.write\(teksasli\)",
-    "eval\(base64_decode\(\$jembot\)\);",
-    "eval\(base64_decode\(\$_REQUEST\[\'p64\'\]\)\);",
-    "die\(\"Restricted accoss\"\);",
-    "<\?php\s*eval\(gzinflate\(str_rot13\(base64_decode\(\'",
-    "phpRemoteView",
-    "if \(isset\(\$_POST\[\'_\'\]\) \&\& \(sha1\(base64_decode\(\$_POST\[\'_\'\]\)\^\$str\) ==",
-    "x47FzcyA9ICI",
-    "mkdir\(\'Indishell\',0777\);",
-    "Superfast Zone-H submitter",
-    "if\(stripos\((.*)=base64_decode\((.*)=create_function\(\"\"",
-    "Done ==> \$userfile_name",
-    "preg_match\(\"\/google\|bot\|msn\|spider\|crawl\|spam",
-    "WEB(.*)Shell",
-    "index.php replaced successufuly\!",
-    "sloboz",
-    "\$URI = str_replace\(\"sync.php\", \$filename, \$URI\);",
-    "<\? eval\(gzuncompress\(base64_decode\(\'",
-    "WPcheckInstall",
-    "echo \"Already writed\"",
-    "if \(move_uploaded_file \(\$_FILES\[\"update\"\]\[\"tmp_name\"\], __FILE__\)\)",
-    "FilesMan",
-    "<\?php(.*)= array\(\'(.*)= array\(\'(.*)= array\(\'(.*)\";if \(\!function_exists\(\"",
-    "\{eval\(base64_decode\(\$_POST\[\"",
-    "\$uid = strtoupper\(md5\(uniqid\(time\(\)\)\)\);",
-    "Created By Spaghy",
-    "= strrev\(\'ed\'.\'oc\'.\'ed_4\'.\'6e\'.\'sab\'\);",
-    "= strrev\(\'eca\'.\'lper\'.\'_ge\'.\'rp\'\);",
-    "<\?php\s*if \(\!function_exists\(\"(.*)\"\)\)\s*\{\s*function(.*)= base64_decode\((.*)= strlen\((.*)= file_get_contents\(",
-    "Mestre eCoLoGy",
-    "PHP eMailer",
-    "= \"p\".\"r\".\"e\".\"g\".\"_\".\"r\".\"e\".\"p\".\"l\".\"a\".\"c\".\"e\";",
-    "The Devil made me do it :\)",
-    "echo \"Can\'t upload file:",
-    "<\?\/\/BREACK\/\/\?>",
-    "Bypass SuHosin",
-    "\$_FILE\(stripslashes\(\$_REQUEST\[\'HOST\'\]\)\);\}",
-    "atualizar_flash_player_ver",
-    "Made By mr.hosam",
-    "<script>document.getElementById\(\'a22\'+\'222\'\).style.display=\'no\'+\'ne\'<\/script><\!-- InstanceEnd -->",
-    "\$auth_pass = \"",
-    "<\?php\s*\/\*(.*)*\/\s*eval \( base64_decode \(\"",
-    "\/usr\/bin\/host",
-    "<\?php preg_replace\(\"\/.\*\/e\",\"",
-    "\]\}=__FUNCTION__;return\@is_object\(",
-    "eval\(\"\?>\".gzuncompress\(base64_decode\(",
-    "\$headers = \"Alibaba:",
-    "<\?php \@array_diff_ukey\(\@array\(\(string\)",
-    "\$auth = \$filter\(\@\$_COOKIE\[\'p1\'\]\);",
-    "<\?php\s*if \(isset\(\$_REQUEST\[\'p1\'\]\)\) \{\s*eval\(stripslashes\(\$_REQUEST\[\'p1\'\]\)\);",
-    "<\?php function(.*)=gzinflate\(base64_decode\((.*)\)\); for\(\$i=0;\$i<strlen\(",
-    "\'\]=Array\(base64_decode\(\'",
-    "<\?php \(\$_=\@\$_GET\[2\]\).\@\$_\(\$_POST\[1\]\)\?>",
-    "return stripslashes\(ltrim\(rtrim\(\$string\)\)\);",
-    "4297f44b13955235245b2497399d7a93",
-    "<\?php \$a=\'bas\'.\'e6\'.\'4_d\'.\'ecode\';eval\(\$a\(\"",
-    "l = \"http:\/\/(.*)\" + r + \"&r=\" + document.referrer;\s*document.write\(\"<img src=\'\" + l + \"\'>\"\);",
-    "<title>(.*)PORN(.*)</title>",
-    "Login your email address below to view the document",
-    "symlink\(\'\/home",
-    "local-root-exploit",
-    "my \$fakeproc\s*= \"\/usr\/sbin\/httpd\";",
-    "Server Scanner",
-    "<\?\$x\d\d=\"(.*)\"; \$GLOBALS\[\'",
-    "<\?php(.*)=\s*\'(.*)\';(.*)=\s*str_replace\(\'(.*)\',\'\',(.*)\);(.*)=\s*\'(.*)\';(.*)=\s*str_replace\(\'",
-    "function\s*xViewState\(\)",
-    "<\!\-\-start\-add\-div\-content\-\->",
-    "<\?php\s*if\(\W_GET\[\"(.*)\"\]==\"(.*)value=\"ok\"><\/form><\?php\s*\}\?>",
-    "function\s*research_plugin\(\)(.*)eval\(base64_decode\(",
-    "<chr\(ord\(\Wn\)\-1\);\}\s*\@error_reporting",
-    "Exploit\s*failed",
-    "for\s*i\s*in\s*\"uname\s*-a\"\s*\"mount\"\s*\"df\s*-h\"",
-    "<\?php\s*\Wdomain\s*=\s*\"(.*)header\(\"Location:\s*\Wurl\"\);\s*\?>",
-    "move_uploaded_file\(\W_FILES\[\"file\"\]\[\"tmp_name\"\],\Wz\);",
-    "str_replace\(\"w\",\"\",\"wstrw_wrewpwlwawcwe\"\);",
-    "echo\s*\'\[vuln\]\';",
-    "echo\"<font\s*color=\#FFFFFF>\[uname\]\".php_uname\(\).",
-    "if\(\Wresult\)\s*\{\s*echo\s*\'good\';\s*\}\s*else\s*\{\s*\'error\s*:\s*\'.\Wresult;\s*\}",
-    "<\?php\s*\Wandroid\s*=\s*strpos\(\W_SERVER\[\'HTTP_USER_AGENT\'\],\"Android\"\);\s*\Wandroid_urls\s*=\s*array\s*\(",
-    "last\s*root\s*\(nst\)\s*last\s*root",
-    "online\s*encode\s*by\s*cha88.cn\!",
-    "<title>SERVER\s*INFO<\/title>",
-    "ZnZGZnZGZnZGZn",
-    "else\{\s*echo\s*\"sorry\s*file\s*didn\'t\s*chmoded\";\s*\}",
-    "\"\];exit\(\);\}error_404\(\);function\s*is_good_ip\(",
-    "\@system\(\"killall\s*-9\s*\".basename\(\"\/usr\/bin\/host\"\)\);",
-    "<\?php\s*\/\/\#\#\#==\#\#\#(.*)\/\/\#\#\#==\#\#\#\s*\?>",
-    "<\?php\s*\$r76=\"F\[<PAlDf\|\]\}",
-    "<\?php\s*include\(\'(.*)\.png\'\);\s*\?>",
-    "<\?php\s*include\(\'(.*)\.jpg\'\);\s*\?>",
-    "<\?php\s*include\(\'(.*)\.gif\'\);\s*\?>",
-    "\$GLOBALS\[(.*)\$GLOBALS\[(.*)\}\s*\}\s*return\s*\$(.*)\$GLOBALS\[(.*)\}\s*return\s*\$",
-    "\$qV=\"stop_\"",
-    "\$GD_get_img\s*=\s*\"p\"\.\s*\"r\"\.\"eg\"\.\"_r\"\.\"ep\"\.\"l\"\.\"ace\";",
-    "<\?php\s*\$array\s*=\s*array\(\'(.*)=\s*implode\(\"\"\,\s*\$array\)\;\$(.*)eval\(\$(.*)\)\)\)\);\?>",
-    "\#\!\/usr\/bin\/perl(.*)\#\s*Do\s*login\s*authentication\s*subroutine(.*)\#EOF",
-    "<\?php\s*\$(.*);eval\(base64_decode\(gzuncompress\(base64_decode\(\$(.*)\)\)\)\);\?>",
-    "<\?php(.*)\$EmailTemporario\s*=\s*\$email\[\$i\];(.*)Safe\s*Mode:\s*<\?php\s*echo\s*\$safe_mode\s*=\s*\@ini_get\(\'safe_mode\'\);\s*\?>(.*)<\/form>",
-    "<\?php\s*\@ignore_user_abort\(true\);(.*)\@eval\(\$(.*)\@realpath\(\"\"\)\.DIRECTORY_SEPARATOR(.*)404\s*Not\s*Found(.*)\?>",
-    "\#\!\/usr\/bin\/perl\s*\-w\s*\'\'\=\~\(\'\(\?\{\'\.\(\'(.*)\'\)\.\'\$\/\}\)\'\);",
-    "<\?php\s*\/\*\*(.*)\$https_in\s*=\s*\"(.*)\"\);\s*\?>",
-    "<html>\s*<head>(.*)if\(is_uploaded_file(.*)move_uploaded_file(.*)\?>\s*<\/body>\s*<\/html>",
-    "DK\s*Shell\s*\-",
-    "<\?php\s*\$(.*)\]\.\$(.*)\]\.\$(.*)\]\.\$(.*)\]\.\$(.*)\"\.chr\((.*)\"\.chr\((.*)\"\.chr\((.*)\"\.chr\((.*)\,\"(.*)\"\);",
-    "<\?php\s*\@ini_set\(\'max_execution_time\'\,0\);(.*)\}\}echo\s*\'rahui\#\'\,\$maxlen\,\'\#rahui\';\s*\?>",
-    "randomId(.*)Access\s*Denied(.*)wproPreviewHTML",
-    "md5\(IMAILpassword\)(.*)base64_decode",
-    "value=\'Ввойти\'><br><\/form><br>вы\s*не\s*авторизованы\s*<\/center>",
-    "ping(.*)ping_host(.*)browser_strings",
-    "Help(.*)support(.*)=base64_decode\(\$create_function\(\'\$",
-    "if\(isset\(\$_COOKIE\[\'google\'\]\)\)(.*)if\(strtolower\(substr\(PHP_OS\,0\,3\)\)==\'win\'\)\s*\$",
-    "class\s*RSSInitEx(.*)getCMS\(\)(.*)new\s*RSSInitEx\(\);",
-    "\$this\-\>headers\s*\.=\s*\"Errors\-To\:\s*\{\$this\-\>from\}",
-    "PRIV8",
-    "for\s*i\s*in\s*\"uname\s*\-a\"",
-    "Exploit\s*failed",
-    "Suicide\(\'Windows\s*\-\s*Suicide\'\)\;\}",
-    "=\s*str\_replace\(\"w\"\,\"\"\,\"wstrw\_wrewpwlwawcwe\"\);",
-    "\(\"x\"\,\s*\"\"\,\s*\"xbxasxex6x4x_xdexcoxde\"\);",
-    "\(\"s\"\,\"\"\,\"scsrsesatses_fsusnscstsisosn\"\);",
-    "\$i=strrev\(\"uoy yb dekcah\"\);",
-    "<font\s*color=\#FFFFFF>\[uname\]\"\.php_uname\(\)\.\"",
-    "\$result\s*=\s*mail\(stripslashes\(\$to\)\,\s*stripslashes\(\$subject\)\,\s*stripslashes\(\$message\)\);",
-    "\$android\s*=\s*strpos\(\$_SERVER\[\'HTTP_USER_AGENT\'\]\,\"Android\"\);",
-    "last\s*\(all\s*users\)\s*\(nst\)\s*last\s*all",
-    "online\s*encode\s*by\s*cha88\.cn\!",
-    "<title>Solutions\s*en\s*ligne\s*\-\s*AccèsD<\/title>",
-    "<title>SERVER\s*INFO<\/title>",
-    "\$OUT=alfa\(\$OUT\);eval\(\$OOO0000O0\(\$OUT\)\);return;",
-    "\$sys\s*=\s*strrev\(base64_decode\(\"bWV0U3lT\"\)\);\/\/system",
-    "\}=\@unserialize\(base64_decode\(\$_POST\[\"",
-    "\@system\(\"killall\s*\-9\s*\"\.basename\(\"\/usr\/bin\/host\"\)\);",
-    "\@system\(\"\(crontab\s*\-l\|grep\s*\-v\s*crontab;echo;echo\s*\'\*\s*\*\s*\*\s*\*\s*\*\s*\"\.\$SCP\.\"\/1\.sh\'\)\|crontab\"\,\s*\$ret\);",
-    "function\s*GetWPFooterFNs\(\)",
-    "\$tmp\s*=\s*\@fread\s*\(\$a\,\s*sprintf\s*\(\"\%u\"\,\s*\@filesize\s*\(\$a\)\)\);",
-    "\(\"e\"\.\"va\"\.\"l\(\'",
-    "title=\"Remote\s*Shell\">",
-    "\/\/Obfuscation\s*provided\s*by\s*FOPO\s*-\s*Free\s*Online\s*PHP\s*Obfuscator\s*v1\.2\:",
-    "<\?php\s*\@array_diff_ukey\(\@array\(\(string\)\$_REQUEST\[\'password\'\]\=\>1\)",
-    "\$file=\@\$_COOKIE\[\'Jlma3\'\];",
-    "\$fc64=strip_tags\(str_replace\(\"\s*\"\,\"\"\,trim\(\$_GET\[\'fc\'\]\)\)\);",
-    "<li><a\s*href=http\:\/\/(.*)<\/a><\/li>\s*<li><a\s*href=http\:\/\/(.*)<\/a><\/li>(.*)<li><a\s*href=http\:\/\/(.*)<\/a><\/li>(.*)<li><a\s*href=http\:\/\/",
-    "echo\s*base64_encode\(\'error\s*\:\s*\'\.\$result\);",
-    "\$i59\[",
-    "\$x74\[",
-    "if\s*\(get_magic_quotes_gpc\(\)\)\s*\{\s*\$wp=stripslashes\(\$wp\);\s*\}",
-    "my\s*\@dangercalls=qw\(",
-    "<\?php\s*extract\(\$_COOKIE\);\s*\@\$F\&\&\@\$F\(\$A\,\$B\);",
-    "copy\(\$_FILES\[\"upfile\"\]\[\"tmp_name\"\]\,\s*\$_FILES\[\"upfile\"\]\[\"name\"\]\)",
-    "\$back_connect=\"",
-    "add_action\(\'after_setup_theme\'\,\s*\'research_plugin\'\);",
-    "document\.getElementById\(\'HideMeBetter\'\)",
-    "<\?php\s*\/\*\s*copyright\s*\*\/(.*)\/\*\s*copyright\s*\*\/ ?>",
-    "elseif\(strstr\(\$_0\,_203519383",
-    "<div\s*style=\"position\:absolute;\s*left\:\-(.*)px;\s*top\:\-(.*)px;\"><a\s*href=\"http\:\/\/",
-    "<\?php\s*eval\(\"\?>\"\.base64_decode\(\"",
-    "\$workdir\s*=\s*preg_replace\(\"\/\^www\W\.\/\"\,\s*\"\"\,\s*\$_SERVER\[\"HTTP_HOST\"\]\);",
-    "<\?php\s*echo\s*eval\(base64_decode\(str_replace\(\'\*\'\,\'a\'\,str_replace\(\'\%\'\,\'B\'\,str_replace\(\'\~\'\,\'F\'\,str_replace\(\'\_\'\,\'z\'\,str_replace\(\'\$\'\,\'x\'\,str_replace\(\'\@\'\,\'d\'\,str_replace\(\'\^\'\,\'3\'\,str_rot13\(",
-    "<\?php\s*if\(\@\$_COOKIE\[\'ft\'\]\)\{\$xww=\$_COOKIE\[\'ft\'\]\(\"\"\,\@\$_COOKIE\[\'st\'\]\(\@\$_COOKIE\[\'nk\'\]\)\);\$xww\(\);\}\?>",
-    "function\s*Decode\(\)\{var",
-    "<\?php\s*function\s*hex2str\(\$hex\)\s*\{\s*return\s*pack\(\'H\*\'\,\s*\$hex\);\s*\}\s*if\(\$_GET\[\'xhelp\'\]\)\s*\{\s*echo\s*\"<pre>\";\s*eval\(\$_GET\[\'xhelp\'\]\);\s*\}\s*if\(\$_GET\[\'hex\'\]\)\s*\{\s*\$payload=hex2str\(\$_GET\[\'hex\'\]\);\s*echo\s*\"<pre>\";\s*system\(\$payload\);\s*\}\s*\?>",
-    "\$z=get_option\(\"_site_transient_browser_(.*)\)\"\);\s*\$z=base64_decode\(str_rot13\(\$z\)\);\s*if\(strpos\(\$z\,\"C20F58DE\"\)\!\=\=false\)\{\s*\$_z=create_function\(\"\"\,\$z\);\s*\@\$_z\(\);\s*\}",
-    "Copyright7_20_127\(\);",
-    "eval\(\"\W\$x=gzin\"\.\"flate\(base\"\.\"64_de\"\.\"code\(\W\"",
-    "\$userAgents\s*=\s*array\(\"Google\"\,\s*\"Slurp\"\,\s*\"MSNBot\"\,\s*\"ia_archiver\"\,\s*\"Yandex\"\,\s*\"Rambler\"\)",
-    "for\(\$i=0;\s*\$i\s*<\s*strlen\(\$x\);\s*\$i\+\+\)\{\$(.*)=\"base64_decode\";return\s*\$",
-    "Upload Complete\!",
-    "\$query\s*=\s*base64_decode\(str_replace\(\'\s*\'\,\s*\'\+\'\,\s*\$_POST\[\'query\'\]\)\);",
-    "<\?php\s*\$wp__wp=\'base\'\.\(32\*2\)\.\'_de\'\.\'code\';\$wp__wp=\$wp__wp\(str_replace\(\"",
-    "\#Coded\s*By\s*Pejvaknuse\s*Socket;",
-    "<\?php\s*\(\$www=\s*\$_POST\[\'yt\'\]\)\s*\&\&\s*\@preg_replace\(\'\/ad\/e\'\,\'\@\'\.str_rot13\(\'riny\'\)\.\'\(\$www\)\'\,\s*\'add\'\);\?>",
-    "OOO000000=urldecode\(",
-    "visitorTracker_isMob",
-    "this->privmsg\(",
-    "Starting call",
-    /* "Hacked", - removed pattern due to large volume of false positives */
-    /* "boff", - removed pattern due to large volume of false positives */
-    "r57Shell Edited By Margu",
-    "IRC_socket",
-    "ConfigSpy",
-    "aWYo",
-    "currentCMD",
-    "IyEvdXNyL2Jpbi9",
-    "bind_port",
-    "BaseIRC",
-    "procname",
-    "Web Shell",
-    "Goog1e_analist",
-    "Upload Fail !",
-    "FilesMan",
-    "uname -a",
-    "Sakerhetsniva",
-    "0x00 PHP shell",
-    "surl = htmlspecialchars",
-    "function echoQueryResult\(\) \{",
-    "Safe Mode on/off:",
-    "Script for l33t admin job",
-    "ONBOOMSHELL V 0.2",
-    "StresBypass v1.0",
-    "JspWebshell",
-    "StAkeR ~ Shell",
-    "SnIpEr_SA",
-    "<style name=\"Mr.HiTman\"",
-	"\$\w+\(.*\)",
-	"<\?php\s*\/\*god_mode_on\*\/eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);\s*\/\*god_mode_off\*\/\s*\?>",
-	"RewriteCond %{HTTP_REFERER}\s*\^\.\*\s*\([^\)]*[google|yahoo|bing|ask|wikipedia|youtube][^\)]",
-	"^<\?php\s*if\(!function_exists\([^{]+\s*{\s*function[^}]+\s*}\s*[^\"']+\s*[\"'][^\"']+[\"'];\s*eval\s*\(.*\)\s*;\s*}",
-	"<\?php)*\\\$md5\s*=\s*[\"|']\w+[\"|'];\s*\\\$wp_salt\s*=\s*[\w\(\),\"\'\;\$]+\s*\\\$wp_add_filter\s*=\s*create_function\(.*\);\s*\\\$wp_add_filter\(.*\);\s*(\?>",
-
-);
-
-foreach ($tree as $finfo)
-{
-    // exclude scanner directory from the scan
-    if(realpath(__DIR__) == realpath($finfo['path'].$finfo['dirname']) )    
-    
-    {
-        continue;
-    }
-
-    if($print_all) print "{$finfo['path']}{$finfo['fname']}....CHECKING";
-    $tmp = file_get_contents($finfo['path'].$finfo['fname']);
-    preg_match('/[^.\s]*([a-z])$/i', $finfo['fname'], $match);
-
-    if(preg_match('/[^.\s]*([a-z])$/i', $finfo['fname'], $match))
-    {
-        $ext = $match[0];
-        unset($match);
-    }
-
-    if('gif' == $ext && preg_match('/<\?php/i', $tmp))
-    {
-        $counter_infected++;
-        if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
-        if($print_infected || $print_all) print "\n";
-        {
-            print "...INFECTED (PHP open tag inside GIF image)\n";
-        }
-
-    }
-    elseif('jpg' == $ext && preg_match('/<\?php/i', $tmp))
-    {
-        $counter_infected++;
-        if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
-        if($print_infected || $print_all) print "\n";
-        {
-            print "...INFECTED (PHP open tag inside JPG image)\n";
-
-        }
-
-    }
-
-    elseif('png' == $ext && preg_match('\"PHP script\"', $tmp))
-    {
-        $counter_infected++;
-        if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
-        if($print_infected || $print_all) print "\n";
-        {
-            print "...INFECTED (cryptoPHP)\n";
-
-        }
-
-    }
-
-    elseif('png' == $ext && preg_match('php.{0,80}', $tmp))
-    {
-        $counter_infected++;
-        if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
-        if($print_infected || $print_all) print "\n";
-        {
-            print "...INFECTED (cryptoPHP)\n";
-
-        }
-
-    }
-
-    elseif('jpeg' == $ext && preg_match('/<\?php/i', $tmp))
-    {
-        $counter_infected++;
-        if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
-        if($print_infected || $print_all) print "\n";
-        {
-            print "...INFECTED (PHP open tag inside JPEG image)\n";
-        }
-
-    }
-
-   elseif('php' == $ext)   
-   {
-        foreach($pattern as $regex){
-        if(preg_match('#'.$regex.'#i', $tmp, $matches)){
-        if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
-        if($print_infected || $print_all) print "<em> => <font color=\"#B22222\">SUSPECTED</font> String: ".$regex."</em>";
-        $counter_suspected++;
-        if($print_infected || $print_all) print "\n";
-        continue;
-           }      
-       }
-    }
-
-    elseif($print_all) print "...OK\n";
-    unset($tmp);
-}
-echo "\n";
-print "Files checked: ".count($tree)."\n";
-print "Files suspected: ".$counter_suspected."\n";
-print "Files infected: ".$counter_infected."\n";
-
-if($counter_suspected) print "NOTE: SUSPECTED DOESN'T MEAN INFECTED! DIFF AGAINST TRUSTED COPY OF SUSPECTED FILES TO BE SURE EVERYTHING IS OK. \n\n";
-print "</pre>";
-unlink(__FILE__);
-exit;
-
-class e_file
-{
-    function get_files($path, $fmask = '', $omit='standard', $recurse_level = 0, $current_level = 0)
-    {
-        $ret = array();
-        if($recurse_level != 0 && $current_level > $recurse_level)
-        {
-            return $ret;
-        }
-        if(substr($path,-1) == '/')
-        {
-            $path = substr($path, 0, -1);
-        }
-
-        if(!$handle = opendir($path))
-        {
-            return $ret;
-        }
-        if($omit == 'standard')
-        {
-            $rejectArray = array('^\.$','^\.\.$','^\/$','^CVS$','thumbs\.db','.*\._$','null\.txt');
-        }
-        else
-        {
-            if(is_array($omit))
-            {
-                $rejectArray = $omit;
-            }
-            else
-            {
-                $rejectArray = array($omit);
-            }
-        }
-        while (false !== ($file = readdir($handle)))
-        {
-            if(is_dir($path.'/'.$file))
-            {
-                if($file != '.' && $file != '..' && $file != 'CVS' && $recurse_level > 0 && $current_level < $recurse_level)
-                {
-                    $xx = $this->get_files($path.'/'.$file, $fmask, $omit, $recurse_level, $current_level+1);
-                    $ret = array_merge($ret,$xx);
-                }
-            }
-            elseif ($fmask == '' || preg_match("#".$fmask."#i", $file))
-            {
-                $rejected = FALSE;
-
-                foreach($rejectArray as $rmask)
-                {
-                    if(preg_match("#".$rmask."#", $file))
-                    {
-                        $rejected = TRUE;
-                        break;
-                    }
-                }
-                if($rejected == FALSE)
-                {
-                    $finfo['path'] = $path."/";  // important: leave this slash here and update other file instead.
-                    $finfo['fname'] = $file;
-                    $ret[] = $finfo;
-                }
-            }
-        }
-        return $ret;
-    }
-
-    function get_dirs($path, $fmask = '', $omit='standard')
-    {
-        $ret = array();
-        if(substr($path,-1) == '/')
-        {
-            $path = substr($path, 0, -1);
-        }
-
-        if(!$handle = opendir($path))
-        {
-            return $ret;
-        }
-        if($omit == 'standard')
-        {
-            $rejectArray = array(
-              '^\.$',
-              '^\.\.$',
-              '^\/$',
-              '^CVS$',
-              'thumbs\.db',
-              '.*\._$',
-              'error_log',
-              '.*\.pdf',
-              '.*\.doc',
-              '.*\.xls',
-              '.*\.mp3',
-              '.*\.mov',
-              '.*\.mp4',
-              '.*\.flv',
-              '.*\.swf',
-              '.*\.ppt',
-              '.*\.log',
-              '.*\.zip',
-              '.*\.tar',
-              '.*\.gz',
-              '.*\.tar.gz',
-              '.*\.rar',
-              '.*\.exe',
-              '.*\.7z',
-              '.*\.webm',
-              '.*\.txt',
-              '.*\.csv',
-              '.*\.svg',
-              '.*\.wmv',
-              '.*\.iso',
-              '.*\.sql',
-              '.*\.db',
-              '.*\.psd',
-              '.*\.eps',
-              '.*\.ai');
-        }
-        else
-        {
-            if(is_array($omit))
-            {
-                $rejectArray = $omit;
-            }
-            else
-            {
-                $rejectArray = array($omit);
-            }
-        }
-        while (false !== ($file = readdir($handle)))
-        {
-            if(is_dir($path.'/'.$file) && ($fmask == '' || preg_match("#".$fmask."#", $file)))
-            {
-                $rejected = FALSE;
-                foreach($rejectArray as $rmask)
-                {
-                    if(preg_match("#".$rmask."#", $file))
-                    {
-                        $rejected = TRUE;
-                        break;
-                    }
-                }
-                if($rejected == FALSE)
-                {
-                    $ret[] = $file;
-                }
-            }
-        }
-        return $ret;
-    }
-
-    function rmtree($dir)
-    {
-        if (substr($dir, strlen($dir)-1, 1) != '/')
-        {
-            $dir .= '/';
-        }
-        if ($handle = opendir($dir))
-        {
-            while ($obj = readdir($handle))
-            {
-                if ($obj != '.' && $obj != '..')
-                {
-                    if (is_dir($dir.$obj))
-                    {
-                        if (!$this->rmtree($dir.$obj))
-                        {
-                            return false;
-                        }
-                    }
-                    elseif (is_file($dir.$obj))
-                    {
-                        if (!unlink($dir.$obj))
-                        {
-                            return false;
-                        }
-                    }
-                }
-            }
-
-            closedir($handle);
-
-            if (!@rmdir($dir))
-            {
-                return false;
-            }
-            return true;
-        }
-        return false;
-    }
-
-}
-?>
\ No newline at end of file