Have looked at the index.php file as a text file and see what I'd call injected lines that look like they pull content from a site in China - Google Analyitics competitor?
Look at your version.php file in the moodle code directory for the version of Moodle you are running.
Download that version's zip.
Move your current code diretory to another (outside of web root) location. Unzip the moodle code directory you downloaded in the location of the moodle code directory - NOTE: unzipping will create a 'moodle' directory.
Inspect your config.php file from the current code directory. Any funny stuff? (look way out to the right)
If nothing funny there, copy the config.php file into the newly un-zipped code directory.
Set ownerships/permissions appropriate to your system ... which you have not mentioned.
The above might result in a minor update within the series of Moodle you downloaded.
Got an antivirus app? Scan the old code directory.
May not find a true virus ... but injection ... redirection to other malicious sites, etc..
Consider that your entire server might have been compromised.
'spirit of sharing', Ken