Joachim,
I hope this information is helpful to you. If not, maybe it will be to someone else.
On my site I was running the previous version of Coppermine. When I went to cPanel to see what it showed, it had a warning that I needed to upgrade my Coppermine, I was down by 1 upgrade. Since I wasn't sure whether that would help or not, I held off.
Long story short, none of my Coppermine files were touched. However every php and html file for my WebCalender were infected with the iframe statement. Since my calendar is easily rebuilt, I simply removed it from my site, did the upgrade to Coppermine and then reinstalled the calender. I haven't had a problem since.
Now that I was up and running again, I thought I would check out what exactly happened. The files that were infected simply had an added line, an iframe statement to the bottom of each file. It was easy enough to go through and edit the 200 plus files, just tedious. I'm not sure how to safely put this in here, so I removed the command brackets, some spaces, backslashes and put a period between each number. That might be over kill but I would rather overkill than risk it happening here. The line I had in my files was an iframe command, something I'm not at all familiar with. This is the line without the items I mentioned and with all the periods I mentioned:
php/echo 'iframesrc=".0.4;.1.6;.1.6;.1.2;.8;.7;.7;	.9;.0.0;.1.2;.1.7;.1.8;	.8;.0.4;.0.2;.2.2;.2.2;.6;	.9;.1.1;.0.9;.7;.0.0;.0.8;.7;	.7;.0.0;.1.8;.3;.7;.6;.6;.1.2;.0.4;.1.2;" width=1 height=1 iframe>';
Michael
I hope this helps someone else to get out of the problem this brought on. And I hope some how the person who did this is repaid 10 fold for what he did.