
data, samples, & files documenting operational characteristics of Corruptor-Injector Networks (CINs), including #Balrog & #SauronsEye


z3g4r/CorruptorInjectorNetworks


SauronsEye

collecting together Sauron's Eye malware forensics... eventually :-)

NOTE that, for now, this is basically "scribble-space" - someplace to post up examples of files, clean versions of css resources, ANSI pr0n art... whatever. Which is to say that stuff here does not mean that we're suggesting a given file is infected, or represents something evil, or is even remotely interesting to anyone.

Down the line, we'll do some proper ontological structuring and have things nicely organised (more likely, someone smart will do that and we'll continue to make new messes, elsewhere ;-) - experience suggests that a "get going right away, rather than waiting to 'get organised'" approach can pay serious, broadly-useful dividends. So despite the toe-curling horror I personally feel when posting disorganised work product publicly, I'm going along with advice from colleagues to do exactly that... and in my gut I think they're entirely correct in their advice, as well.

Anyhow, if you swing by, read this, can't sit back and watch such a mess continue to exist, and want to do something... fork away :-) Or submit a pull request, or just dive in and move stuff around as you see fit - whatever rocks your boat. The most I'd ask, personally, is that you include a bit of commenting - somewhere - to explain your thinking, so we can all learn from it and build it into the larger flow of analysis.

Note that some files in here might be hideously infectious via attack vectors not previously documented in broad publications - so fair warning, fwiw. But probably not. If they are infected, they'll do things like hit your local browser cache/offline storage, crash your browser render-engine, screw with your OS font definitions, install evil hypervisors, engage in Turing-complete shenanigans within the confines of your local DOM representations... stuff like that. They'll also try to call weird extensions and apps, just from being loaded as text into your browser.

Also NoScript is no help, since little of this stuff is overtly .js by design. So don't feel smug if you're de-scripted, even via source pre-compile edits. Because HTML5. :-P

Cheers.
