I did a little research. The hacker injected the malicious code into the "append" column in each zone under "rv_zones" in the database.
The table "rv_banners" seems not to be affected.
Additionally, there was a malicious PHP code under \www\delivery\ with the name "js.php". According to the virus scanner a malicious code named "PHP.Filesman". With this the hackers probably have access to the website.