I encountered some particularly smart malware on a site I was working on once, it read the server’s log files to determine the IP addresses of the site owners (whoever had logged in via ssh) and when they visited the site, it displayed normally. It could be something similar here.
Search your code for eval functions, when I’ve seen sites hijacked like this they hide the malicious PHP code in eval(base64_decode() and put it in strange places in the file e.g. prefixed by 100 spaces so you have to scroll across in your editor to even notice it.
You have a one page website that as long as you made a backup it up would take you an hour or so to replace. If you change all the passwords and you do that you should be fixed.This would prove if there is a problem with your site or not.
As I see it you have been over a day and not done anything?