Defacement hack and adware script injection?

Re: http://killmalware.com/demonfit.com/
See: <meta content=“Hacked by people_hurt name=” description’=“”>'=“”> when you copy you won’t get '=“”
Detected as Trojan.Script.Heuristic-js.iacgm.
Flagged by Sucuri’s: http://sitecheck.sucuri.net/results/www.demonfit.com/
A misused ir defaced server also listed by MX: http://support.clean-mx.de/clean-mx/portals.php?ns3=ns3.cdmon.net&sort=id%20desc&response=alive
See the long OVERDUE! malcode running from these IP domains (158 domains on one and the same IP).
Found in the past: http://www.projecthoneypot.org/ip_134.0.14.63
Script inject from -cfs.u-ad dot info/cfspushadsv2/request (a scan with MBAM is advisabkle)

pol

html file
https://www.virustotal.com/nb/file/14367675dd928af965c449ba348dc13252d09fecec32328d1fb31fae76824e10/analysis/1418151373/

js file
https://www.virustotal.com/nb/file/14367675dd928af965c449ba348dc13252d09fecec32328d1fb31fae76824e10/analysis/1418151401/

Hi Pondus,

As demonstrated here avast well ahead of the competition here!
Good we have this protection…

polonus