Ayuda con Archivos Maliciosos en Wordpress

He recibido un correo de mi alojamiento diciéndome que tenia Malicious Files

Tengo todos los plugins actualizados y wordefense instalado y aparecen algunos archivos modificados, pero no he encotrado nada.
Alguna ayuda. ¿Que puedo hacer?

En el log se puede ver lo siguiente:

Scan started at - Tue Oct 6 18:37:28 EDT 2015
/wp-includes/certificates/ca-bundle_backup.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/images/crystal/audio_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/js/customize-base_bck_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/js/plupload/license_infoold.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/js/tinymce/langs/wp-langs-en_prevv1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/js/tinymce/plugins/tabfocus/plugin.min_bck_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/pomo/mo_new.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/SimplePie/Net/IPv6_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/Text/Diff/Engine/string_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-includes/Text/Diff/Renderer/inline_infoold.php: JCDEF.Obfus.CreateFunc.BackDoorEval-26.UNOFFICIAL FOUND
/wp-admin/link-add_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/includes/class-ftp-sockets_bck_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/css/deprecated-media_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/css/colors/blue/colors-rtl_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/css/colors/coffee/colors_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/css/colors/ectoplasm/colors-rtl_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/css/colors/midnight/colors-rtl_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/css/colors/sunrise/colors-rtl_bck_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/network/site-settings_indesit.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-admin/js/media-gallery.min_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-22.UNOFFICIAL FOUND
/wp-content/plugins/google-xml-sitemaps-v3-for-qtranslate/img/icon-donate_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-25.UNOFFICIAL FOUND
/wp-content/plugins/all-in-one-schemaorg-rich-snippets/admin/images/code-in-page.php_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-25.UNOFFICIAL FOUND
/wp-content/plugins/all-in-one-schemaorg-rich-snippets/.git/objects/f2/_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-25.UNOFFICIAL FOUND
/wp-content/plugins/all-in-one-schemaorg-rich-snippets/.git/objects/7b/_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-25.UNOFFICIAL FOUND
/wp-content/plugins/better-wp-security/modules/free/admin-user/js/admin-admin-user_indesit.php: JCDEF.Obfus.CreateFunc.BackDoorEval-25.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 25
Time: 175.801 sec (2 m 55 s)
Scan ended at - Tue Oct 6 18:40:23 EDT 2015

Pues deberas seguir la ruta y mirar si hay algo malo alli... 🙂

Sent from my ZTE Blade L3 Plus using Tapatalk

Es lo primero que he hecho, pero en ninguna de las rutas veo nada raro.
Tengo una copia de seguridad de hace unos meses y parece exactamente igual.
Gracias por la ayuda