Same here, also some files added in wp-includes (wp-cd.php, post.php) and in functions.php as you pointed out.
Tried to clean those files but after a while it pops up again. Checked the logs and there were no POSTS requests. It seems there is still some md5 encoded text which apparently inject this code.
Regards.
