I have already told you, your PHP files are compromised [lets hope database is not, but it could be as well]. You have malware hidden somewhere, usually inside php files, and it could also infected your database in some field to keep the "backup" code. The code is usually hidden in highly encoded forms (even several passes), so use kDiff3 tool to do a comparison check against a clean version you are sure its clean or take a clean install. Also your theme if you have a clean backup. Remember, your server backups could be also compromised.