on september 4th on of my sites got hacked, seems through an infected theme.
The following 2 variants of malware were inserted into all php files
and the following file wp-thumb-creator.php was placed in /home/...mydirs.../wp-content/uploads/ with also evil content http://pastebin.com/kQY9Y2Kh
A start for fixing your stuff can be found here
and I wrote a regex myself to check the entire machine for bad files left over, if you know what ssh & bash are, this can help you with the search
pcregrep -i -r -n -M --buffer-size=200K --include=.\.php "<\?php\s*\\\$md5\s*=\s*\"[a-z0-9]*\";\s*\\\$wp_salt\s*=\s*array" . > malcheck.log
2 more links I found with additional info
Hope that can help somebody to clean his server.