security/been hacked - Joomla! Forum - community, help and support

hello site being hacked hackers.
i checked pretty think of no luck.

i made site offline.
when login index.php gives defaced screen.
but index2.php showing normally.
clicking on category "you hacked by.." screen
i using joola v.1.5.6 latest version reported admin tools.

please find more info extracted "forum post assistant"

problem description :: forum post assistant (v1.2.3) : 26th november 2012 wrote:security/been hacked

forum post assistant (v1.2.3) : 26th november 2012 wrote:

basic environment :: wrote:joomla! instance :: joomla! 1.5.26-stable (senu takaa ama busani) 27-march-2012
joomla! configured :: yes | writable (600) | owner: 2318 (uid: /gid: ) | group: 2314 (gid: ) | valid for: 1.5
configuration options :: offline: 1 | sef: 0 | sef suffix: 0 | sef rewrite: 0 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: -1 | site debug: 0 | language debug: 0 | database credentials present: yes

host configuration :: os: linux | os version: 2.6.32-71.29.1.el6.x86_64 | technology: x86_64 | web server: apache | encoding: gzip, deflate | doc root: /home/gsm/public_html | system tmp writable: yes

php configuration :: version: 5.3.13 | php api: cgi-fcgi | session path writable: unknown | display errors: | error reporting: 22519 | log errors to: error_log | last known error: | register globals: | magic quotes: | safe mode: 0 | open base: /home/gsm/:/tmp/:/var/tmp/ | uploads: 1 | max. upload 32m | [b]max. post size: 32m | max. input time: 60 | max. execution time: 30 | memory limit: 128m

mysql configuration :: version: 5.1.65-cll (client:5.1.65) | host: --protected-- (--protected--) | collation: utf8_unicode_ci (character set: utf8) | database size: 10.78 mib | #of tables: 113

detailed environment :: wrote:php extensions :: core (5.3.13) | date (5.3.13) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | filter (0.11.0) | gd () | hash (1.0) | iconv () | spl (0.2) | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | posix () | reflection ($id: 522fef1e5100f848a5e2059d98b3a880a3143e9a $) | session () | standard (5.3.13) | simplexml (0.1) | soap () | sockets () | imap () | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | cgi-fcgi () | eaccelerator (0.9.6.1) | pdo (1.0.4dev) | pdo_sqlite (1.0.1) | sqlite (2.0-dev) | pdo_mysql (1.0.2) | zend engine (2.3.0) |
potential missing extensions :: suhosin |

switch user environment (experimental) :: php cgi: yes | server su: no | php su: yes | custom su (litespeed/cloud/grid): no
potential ownership issues: maybe

folder permissions :: wrote:core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

elevated permissions (first 10) ::

extensions discovered :: wrote:components :: site :: wrapper (1.5.0) | tpmystore (1.0.0) | tpmystore (1.0.0) | default (1.0.0) | jv-shop (1.0.1) | user (1.5.0) | mailto (1.5.0) |
components :: admin :: messaging (1.5.0) | search (1.5.0) | cache manager (1.5.0) | catpriceupdate (0.1) | virtuemart (1.1.4) | trash (1.0.0) | plugin manager (1.5.0) | control panel (1.5.0) | weblinks (1.5.0) | dj image slider (1.2.3 stable) | configuration manager (1.5.0) | csvi virtuemart (2.3.11) | newsfeeds (1.5.0) | featured_rupostel (1.0.0) | media manager (1.5.0) | banners (1.5.0) | polls (1.5.0) | frontpage (1.5.0) | template manager (1.5.0) | installation manager (1.5.0) | mass mail (1.5.0) | language manager (1.5.0) | admintools (2.2.9) | csv improved (1.9) | module manager (1.5.0) | contact items (1.0.0) | menus manager (1.5.0) | content page (1.5.0) | user manager (1.5.0) |

modules :: site :: tp currency selector (1.0.) | search (1.0.0) | syndicate (1.5.0) | maxi menu ck joomla!1.5 (1.1) | banner (1.5.0) | featured product in category (1.1.2) | custom html (1.5.0) | statistics (1.5.0) | virtuemart module (1.1.0) | simple image rotator (1.2) | templateplaza menu (2.0.4) | yooscroller (1.5.6) | latest news (1.5.0) | tp search virtuemart product (1.0.) | virtuemart discounted products (1.1.0) | vm live product search (0.5.0) | jv.virtuemart.scroller (1.1.0) | ultimate virtuemart tiny slid (1.5-2) | wrapper (1.0.0) | tp virtuemart modules (1.0.) | tp virtuemart index (1.0.) | menu (1.5.0) | anti right click (hide (1.5) | showplus (1.0.0.5) | slim shopping cart (1.1.0) | read content (1.5.0) | product slider virtuemart (4.1) | footer (1.5.0) | login (1.5.0) | archived content (1.5.0) | virtuemart featured products (1.1.0) | random image (1.5.0) | sections (1.5.0) | virtuemart product slide (1.1.0) | product_list (2.0.0) | jv virtuemart accordion (1.5.0) | yj virtuemart showcase (1.0.1) | slideshow pro (2.1) | tp newsflash rotator (1.0.) | flash-style jquery slideshow v (2.0.3) | virtuemart search (1.1.0) | jv.virtuemart.scroller (1.1.0) | [joomlavision] jvvm catpro (1.5.0) | related items (1.0.0) | virtuemart product slideshow (1.015) | dj image slider (1.2.2 stable) | vm advanced search parameters (0.1) | virtuemart vmmooslider 1.2 (1.015) | tp drop cart (1.0.) | dj image tabber (1.1.2 stable) | tp virtuemart login (1.0.) | mod_moomenu_ck (1.1.0) | breadcrumbs (1.5.0) | jv headline (1.5.16) | virtuemart latest products xht (1.0) | who\'s online (1.0.0) | vtem virtuemart scroller (1.0) | sami slider (2.0.0) | horizontal virtuemart jcarouse (1.5) | [zootemplate] jv virtuemart ca (1.5.2) | vertical virtuemart jcarousel (1.5) | tp banner slide show (1.0.) | ja slideshow2 (1.0.0) | hot effects rotator (1.0) | poll (1.5.0) | feed display (1.5.0) | newsflash (1.5.0) | ceosimpleslide (1.0) |
modules :: admin :: title (1.0.0) | custom html (1.5.0) | items stats (1.0.0) | quick icons (1.0.0) | user status (1.5.0) | admin menu (1.0.0) | toolbar (1.0.0) | footer (1.0.0) | login form (1.0.0) | logged in users (1.0.0) | unread items (1.0.0) | latest news (1.0.0) | admin submenu (1.0.0) | admin tools joomla! upgrade no (revae48dbe) | popular items (1.0.0) | online users (1.0.0) | feed display (1.5.0) |

plugins :: site :: authentication - gmail (1.5) | authentication - joomla (1.5) | authentication - example (1.5) | authentication - ldap (1.5) | authentication - openid (1.5) | xml-rpc - blogger api (1.0) | xml-rpc - joomla api (1.0) | button - readmore (1.5) | button - custom properties tag (1.98.3.4) | button - pagebreak (1.5) | button - image (1.0.0) | system - debug (1.5) | system - log (1.5) | system - backlinks (1.5) | system - sef (1.5) | system - admin tools (2.2.9) | system - legacy (1.5) | system - mootools upgrade (1.5) | system - cache (1.5) | system - remember me (1.5) | system - bigshot google analyt (1.5.3) | system - modalizer (3.1.1free) | system - nonumber framework (12.6.1) | system popup anywhere (1.5.0) | custom properties tags plugin (1.98.3.7) | content - pagebreak (1.5) | content - xtypo (1.4) | content - page navigation (1.5) | virtuemart product snapshot (1.1.0) | content - load modules (1.5) | content - email cloaking (1.5) | content - code highlighter (ge (1.5) | content - example (1.0) | content - vote (1.5) | tp box 2 joomla 1.5 (1.0.0) | content - akjoomgallery (1.1.0) | editor - xstandard lite jo (1.0) | editor - tinymce 3 (3.2.6) | search - categories (1.5) | search - sections (1.5) | search - content (1.5) | virtuemart extended search plu (1.5) | search - contacts (1.5) | search - weblinks (1.5) | search - newsfeeds (1.5) | user - joomla! (1.5) | user - example (1.0) |

templates discovered :: wrote:templates :: site :: rhuk_milkyway (1.0.2) | beez (1.0.0) | ja_purity (1.2.0) | mystore_plazza (1.0.) | jv_conto (1.0.0) | estore_plazza (1.0) |
templates :: admin :: khepri (1.0) | blackplazza admin (1.0) |

maybe http://www.joomla-security.com/ of help?