Your best course of action is first contact your host and get them to recover your website from backup. Once you have a clean copy in place then run (don't walk) in making sure all your stuff is updated, all user/passwords changed, etc.
Most hacked sites I work on are due to outdated plugins or theme. Try the "timthumb vulnerability scanner" once things are back in place. That may help identify any old timthumb scripts.
Then I recommend you make sure all is upgraded. Sadly, nowadays it's rare for hackers to not leave back door scripts in place (allowing hacker to hack your site again in future). You'll need to review every file on your website respectively to ensure none are out of place or were installed by hacker.