You're better off to go to the Joomla security forums and join the other 100's of I've been hacked posts. If just one of your sites, even a test domain was not running Joomla 1.5.6 on the 14/8/8 then they will have got through the token length password reset vulnerability.
If your username was admin for any one of those sites that will be how they got in. They reset the password, to the 1st user, which by default is admin.
Don't feel too bad though, even Joomla.org got hit. But in essence, you are going to have to change all passwords to Joomla, Mysql and FTP at a minimum. Probably best to do users and ISP config as well.
In terms of getting rid of it, restore files from backup (big props to Joomlapack here), your content should be OK, this hack targets index.php and or template.php. Given that what you are showing is exactly like the other Joomla hacks, I doubt this is much to do with ISPConfig. Joomla forums will help you better.
Last edited by gdaddy; 18th August 2008 at 21:21.