Isn't this suppose to be Google Analytics tracking code?  I could only think of 1 reason why they would do that, that you run a very popular site and they want to track your traffic source! Or maybe it is a plugin of your site that insert the code?

You can't find it in the log file unless you know the hacker ip address. Or if it uploads some other files to your server that has a special name. Or else, nothing to trace with.

I would also be interested in what scripts/services you might be running.  I would suggest scanning your PC for viruses/malware/spyware, cleaning off your hosting account, and make sure you are using the latest version of any scripts you have installed.  Also checking folder/file permissions is something you'll want to do - and check through all your web site files to make sure no other files have been compromised.  Also, I'd toss in to change all your passwords too.

AWESOME MITCH!!    also note that rogueware is rampant is extremely difficult to remove off your PC as well. There are some rogueware scanners out there that can do the job, but best thing anyone can do always keep your content secure, which is bottom line. If, I am not mistaken you also want to ensure that you have your logs archived as the server only keeps logs for 24 hours. Unfortunately if you have not archived your logs then it would be impossible to retrieve the information past 24 hours. Also, during your audit you will want to look for excessive hits from a given IP as this may be the attacker. Using the IP deny manager to block them is a good measure as well. Also, checking with the script developers on how to secure your script even more is greatly increasing the security of your content as well.