Your Wordpress has been compromised. header.php is not the only file someone has changed.

Check functions, and all major files. Also in wp-include check for wp-log.php, that file probably will have different date of upload because someone has added it.