You probably need to hire someone like Securi or another security service that can do the cleaning. It's not always cheap, but they do a great job. The only other option, if you can not personally find each line of infected code (good luck, since it is not easy at all), is to delete all the files and start from scratch. This probably means starting over in the database, since there could be a database injection. But I mean that ALL file needs are in your account.
You can export your content from your website in plain text, or even as a normal WordPress export, and then start the new site, let it run for a few days without adding content and make sure nothing appears. Then add content and see what happens.
But your best options are to hire someone like Securi or clean up everything. Because at this point, the malware is likely to be deeper than just a couple of files. You can run some explorations on the site from the Securi website, but the free public search will not be able to verify the entire server. Just check your site itself. The words are also quite useless at this point, honestly.
It is possible to fix this, but it is not likely to be an easy solution. If you can find a managed WordPress provider that is willing to remove the malware, it will have more power for you. But I do not know if anyone will be willing to clean up the malware that was not caused in their surveillance. And even if it were, most hosts simply do not handle that without considerable expense.
Not trying to be discouraging. But only realistic! Good luck, and do not give up!