I have been hacked. The problem is coming through admin-header.php

Hi, I found recently on my site a virus that was redirecting to something like: evony-fifia.com or something like that. I found that a script was injected into some of the index files. I removed the script and everything was fine.
A few days ago I found that when I want to post a new post I see the same address that redirects for a seconds. I have installed Avast and reloaded the page. It alert me for a virus in:

/wp-admin/post-new.php

JS: Illredir-Z[Trj]

I have download a new fresh copy of wordpress and installed it – the problem has left.

So I have opened /wp-admin/post-new.php file and start to test it.

I found that if a remove

include('edit-form-advanced.php');

from the source and reload post new page there is no alert for Trj virus.

So, next file I try to test was /wp-admin/edit-form-advanced.php.

I found that when I remove

require_once('admin-header.php');

from the source there is no alert.

Finally I try to test /wp-admin/admin-header.php.

I found the problem comes from:

if ( in_array( $pagenow, array('post.php', 'post-new.php', 'page.php', 'page-new.php') ) ) {
	add_action( <strong>'admin_print_footer_scripts', 'wp_tiny_mce', 25</strong> );
	wp_enqueue_script('quicktags');
}

And especially from the bold line. If I remove one of the strings, the page is loaded without a virus alert.

Any ideas how to fix that problem?