I agree that is the symptom and not the cause. I would like to say again that this code has been inserted to all php pages, the number of those is very large.
As for the files you mentioned Andrew helper.php and the other one, yes these files are very common to joomla.
So only someone that would understand what the code does per line could help right now.
I am not sure but the first big part looks like a shell to me. 

I am posting an original ("clean") index.php file of joomla as it should normally be.
It is obvious that this part of code shouldn't be there, but even if someone claims that this code is not malicious it means that he or she understands what this code does. So please if you will explain to me too.
Andrew i know that is not the first point of intrusion, and i know also that joomla has a lot of known vulnerabilitites, but i see a piece of code on the files of a site and i am curious what this does and how.

I forgot to mention that this code has been placed to all .php pages of the site, that is not very common don't you think? This is actually a professional real hack and i think it is very interesting to be investigated how  this was done...

First of all thanks for the reply, i know this code is malicious because the site was hacked several times and many strange things happened, you know like frontpage replacement from hackers and thiings like that. Secondly because the site is built on joomla and i can distinguish (so can everyone who has been working with joomla) the code that exists on a normal joomla .php page from code that was manually inserted. You can also notice this, the joomla code starts with the joomla credits comments (at line 2!!!).
Can you tell what the first part of code (the one that is not well lined out well and is before the joomla credits comments) is for? Also if you can see it uses code encoding and decoding, i don't know, i can post also a normal index.php to view the difference

hello there to the ethical hacker community, at the start of the attached file there is code that i found to all .php files that exist on a site that was hacked. If the code seems interesting to anyone, some explanation on what the code does would be very helpful so i can secure my site.