aaack is right.
Sometimes you can get away with deleting that code from the offending files after getting rid of hack code in htaccess and perhaps fixing the timthumb vulnerability for one (there is a plugin for that issue).
For one site I made a list of all the plugins I had installed, deleted all the plugins, manually reinstalled WordPress, changed passwords etc. etc.
There is no "one way" to fix this. Sucuri and others offer that as a service by I don't have any direct experience with them so can't recommend or not recommend them.
I wish I had a better answer for you.
(CNY Web Designs
This site should be a membership site since it so full of good stuff.
Please consider donating
which gives you access to even more good stuff.