Thank you James – this is useful information. Well, after some investigation into my htaccess and other files via FTP and phpMyAdmin, I have found no file that could contain the incriminated code. So it seems the hard way is now open before me... And I have no ssh access to my server (hosted website).
By the way, this is the first time ever that one of my Moodle websites is hacked. I'm really surprised that it happened – I thought Moodle was way more secure than other CMSs I'm used to. It took me days to put up and implement my site, and I wonder if Moodle is still the way to go, moreover if I can't find a fix!!