I don't use IE (beware!
Thanks for the hint regarding smartor's chat - the way I modified it makes it useful for me, but after all your suggestions I will check it for security holes.
@Espicom: they just changed the forum names and the board name.
A few days ago, the board was hacked with the same replacement text, but that first time, they additionally replaced the 1st rank name and deleted the anonymous user! Also, one record of another (phpbb unrelated) MySQL table was replaced. Immediately after that, I updated everything to 2.0.21. Since then, there were 2 more hacks, 1 every day at about the same time of the day.
Just a few minutes ago, I INDEED found a trojan in one of my logfiles (produced by some logged form submission text).
Name: PHP/C99Shell.C Trojan
I guess that might be the REAL reason... I immediately removed all text logging stuff from the site and hope I can give you a success message in a few days!
thanks for all your help, guys