Contact your host provider right away and make sure they’re aware of it. They can help you to remove the files and assure that you have a back-up of your main site if you don’t already know how to do that. As long as they deem you safe from there, then this informational link will help you with improving the security. There are also a great many articles and plugins to help you such as iThemes Security and Wordfence.
http://codex.wordpress.org/Hardening_WordPress
I see the spam you mean. Looks like it is in your theme’s header.php file.
Check out that file, see if you can find ‘best price cialis professional’ and remove the offending code.
Also check functions.php / index.php / footer.php just for good measure.
Also, I often find with spam infections like this that there are often malware files in ./wp-includes so check that directory using the directory comparison feature in filezilla:
http://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html
Also check wp-config.php for anything that’s not supposed to be there.
If you still have problems, search your website file contents for ‘price cialis’ to see if you can find it. You can search file contents either by downloading a local copy of your site and using a desktop search or alternatively establishing an SSH connection to the site and use the ‘grep’ command.
Once the site is clean change all passwords.
If you have trouble just post here and I’ll see if I can help.