Looking for bad guys.

This script looks for traces of malicious code including code injections, modified .htaccess that makes images executable, and so on.

./.htaccess contains RewriteRule - check it manually for malicious redirects.
./.htaccess contains AddHandler - make sure it does not make ordinary files like images executable.
./backoffice/includes/html2pdf/_tcpdf_5.0.002/tcpdf.php MATCHES REGEX: /base64_decode *\(/i
./backoffice/includes/html2pdf/_tcpdf_5.0.002/tcpdf.php MATCHES REGEX: /system *\(/i
./backoffice/includes/html2pdf/_class/myPdf.class.php MATCHES REGEX: /system *\(/i
./backoffice/tweetbot/tmhUtilities.php MATCHES REGEX: /shell_exec *\(/i
./backoffice/module/menu/menu/includes/mysql2i.class.php MATCHES REGEX: /`.+`/
./backoffice/module/menu/mysql2i.class.php MATCHES REGEX: /`.+`/
./backoffice/module/menu_kanan/menu/includes/mysql2i.class.php MATCHES REGEX: /`.+`/
./backoffice/module/menu_kanan/mysql2i.class.php MATCHES REGEX: /`.+`/
./core/lib/captcha/dm2.php MATCHES REGEX: /base64_decode *\(/i
./core/lib/MySQLi-CRUD-PHP-OOP-master/MySQLi-CRUD-PHP-OOP-master/class/mysqli_crud.php MATCHES REGEX: /`.+`/
./core/lib/angularcode-database-helper-php/MySQLi-CRUD-PHP-OOP-master/class/mysql_crud.php MATCHES REGEX: /`.+`/
./core/lib/mydbclient.php MATCHES REGEX: /base64_decode *\(/i
./core/lib/mydbclient.php MATCHES REGEX: /`.+`/
./core/lib/mysql2i.class.php MATCHES REGEX: /`.+`/
./scanshell.php MATCHES REGEX: /edoced_46esab/i
./scanshell.php MATCHES REGEX: /system *\(/i
./scanshell.php MATCHES REGEX: /`.+`/
./scanshell.php MATCHES REGEX: /hacked by /i
./scanshell.php MATCHES REGEX: /web[\s-]*shell/i
./scanshell.php MATCHES REGEX: /c99/i
./scanshell.php MATCHES REGEX: /r57/i
./scanshell.php MATCHES REGEX: /gooqle/i
./scanshell.php MATCHES REGEX: /_analist/i
./scanshell.php MATCHES REGEX: /anaiytics/i
./scanshell.php contains RewriteRule - check it manually for malicious redirects.
./scanshell.php contains AddHandler - make sure it does not make ordinary files like images executable.
./backoffice/ckfinder/plugins/fileeditor/codemirror/contrib/php/index.html MATCHES REGEX: /`.+`/
./assets/js/jquery.magnific-popup.js MATCHES REGEX: /`.+`/
./assets/js_bk/bootstrap.min.js MATCHES REGEX: /`.+`/
./backoffice/assets/js/amcharts/exporting/filesaver.js MATCHES REGEX: /`.+`/
./backoffice/assets/js/amcharts/exporting/jspdf.js MATCHES REGEX: /base64_decode *\(/i
./backoffice/assets/js/amcharts/exporting/jspdf.js MATCHES REGEX: /`.+`/
./backoffice/assets/js/jszip.js MATCHES REGEX: /c99/i
./backoffice/assets/js/bootstrap.js MATCHES REGEX: /`.+`/
./backoffice/assets/js/less.js MATCHES REGEX: /`.+`/
./backoffice/assets/js/popover.js MATCHES REGEX: /`.+`/
./backoffice/assets/js/jquery.js MATCHES REGEX: /`.+`/
./backoffice/assets/js/raw-files.js MATCHES REGEX: /`.+`/
./backoffice/ckfinder/plugins/fileeditor/codemirror/contrib/php/js/parsephp.js MATCHES REGEX: /`.+`/
./backoffice/ckfinder/plugins/fileeditor/codemirror/contrib/php/js/tokenizephp.js MATCHES REGEX: /`.+`/
./backoffice/ckeditor/ckeditor.js contains AddHandler - make sure it does not make ordinary files like images executable.
./core/lib/validation/jquery.validate.js MATCHES REGEX: /`.+`/
./core/lib/validation/jquery.js MATCHES REGEX: /`.+`/
./backoffice/assets/css/docs.css MATCHES REGEX: /`.+`/

Done