Security problem on my server

Raymond

10:42 am on Feb 3, 2007 (gmt 0)

10+ Year Member



I have received an email from my host telling me that my server has been trying to scan another IP's port 1521. The log they sent me contains my main server IP using ports (3181 - 3235), (probably more ports but they only sent this part), scanning the destination IP port 1521.

I am the only user on the server. I tried to look at the event log and I didn't find anything particularly suspicious. There are a few FTP failed attempts though.

Is there anywhere I should look? What could have caused this? Is this a hack attempt on my server, and theirs?

Any help is greatly appreciated. Thank you.

jatar_k

2:27 pm on Feb 6, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Is your server managed? Or are you the admin for your own server?

Port 1521 seems to be common for Oracle listener services, though in the port list [iana.org] it is 'nCube License Manager'.

Those two things might be something to look at.

Raymond

4:37 am on Feb 8, 2007 (gmt 0)

10+ Year Member



I found a trojan called Exploit-DFind on my server. I have no idea how it got in. Also, the guest account on my server was set to the admin group. There were also quite a few brute force hacks on my SQL server and FTP server. I have blocked all IPs except for mine and things seem to be calming down these past 2 days.

Have you heard of this Exploit-DFind before? I am not sure if I should do a server reload (partly because I don't really want the server to go down for an unknown number of hours, because I am in the middle of a big advertising campaign). I hope no other system files were corrupted.

aspdaddy

10:53 am on Feb 17, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Most security efforts are aimed at blocking stuff coming in. You have to accept that most web servers will get compromised at some point, and once that happens most of the traffic will go the other way.

When deploying a web server, just block any outbound ports you don't use to limit your liability.

Most web servers should never need to initiate an outbound session other than for AV/Windows updates etc., which are to known IPs, so you can pretty much block all outbound ports without losing any functionality.
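The two defensive ideas in this thread, an outbound allow-list and noticing when your own server starts initiating connections it should not, can both be checked against the host firewall log. The following is an added example, not code from any poster here or from the hosting provider's report: it parses lines laid out like the Windows Firewall log (`pfirewall.log`, whose `#Fields:` header names the columns), applies an egress allow-list of the kind aspdaddy describes, and flags the pattern from the first post, one destination port hit from a run of ephemeral source ports. The host IP `10.0.0.5`, the destination addresses, the allow-list and every log line are constructed for the example.

```python
"""Check a Windows-Firewall-style log for outbound activity a web server
should never generate. Added example; sample data is constructed."""
from collections import defaultdict

# Constructed sample in the pfirewall.log layout. 10.0.0.5 is the web server.
# Two legitimate update connections, then a probe of 203.0.113.9:1521 from a
# run of ephemeral source ports (the pattern described in the thread), then
# two inbound FTP attempts that must not be counted as egress.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2007-02-03 10:40:01 ALLOW TCP 10.0.0.5 198.51.100.20 3175 443 0 S 1 0 65535 - - - SEND
2007-02-03 10:40:02 ALLOW TCP 10.0.0.5 198.51.100.20 3176 80 0 S 1 0 65535 - - - SEND
2007-02-03 10:42:10 ALLOW TCP 10.0.0.5 203.0.113.9 3181 1521 0 S 1 0 65535 - - - SEND
2007-02-03 10:42:10 ALLOW TCP 10.0.0.5 203.0.113.9 3182 1521 0 S 1 0 65535 - - - SEND
2007-02-03 10:42:11 ALLOW TCP 10.0.0.5 203.0.113.9 3183 1521 0 S 1 0 65535 - - - SEND
2007-02-03 10:42:11 ALLOW TCP 10.0.0.5 203.0.113.9 3184 1521 0 S 1 0 65535 - - - SEND
2007-02-03 10:42:12 ALLOW TCP 10.0.0.5 203.0.113.9 3185 1521 0 S 1 0 65535 - - - SEND
2007-02-03 10:42:30 ALLOW TCP 192.0.2.77 10.0.0.5 51000 21 0 S 1 0 65535 - - - RECEIVE
2007-02-03 10:42:31 ALLOW TCP 192.0.2.77 10.0.0.5 51001 21 0 S 1 0 65535 - - - RECEIVE
"""

# Egress allow-list (constructed): the only (dst-ip, dst-port) pairs this
# server is expected to initiate, e.g. its update source. Anything else
# outbound is a finding, which is the policy aspdaddy recommends.
EGRESS_ALLOW = {("198.51.100.20", 443), ("198.51.100.20", 80)}


def parse_pfirewall(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other header/comment lines
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than crash the whole run
        yield dict(zip(fields, values))


def outbound_syn(records, host_ip):
    """Keep only TCP connections the host itself opened (SYN on the SEND path)."""
    for r in records:
        if (r["path"] == "SEND" and r["protocol"] == "TCP"
                and r["src-ip"] == host_ip and r["tcpflags"] == "S"):
            yield r


def egress_violations(records, host_ip, allow=EGRESS_ALLOW):
    """Outbound connections not covered by the allow-list."""
    return [r for r in outbound_syn(records, host_ip)
            if (r["dst-ip"], int(r["dst-port"])) not in allow]


def scan_like_bursts(records, host_ip, min_attempts=5):
    """Group outbound SYNs by target; many distinct source ports aimed at one
    (dst-ip, dst-port) is the 'your server is scanning us' signature.
    Returns {target: (lowest src port, highest src port, attempt count)}."""
    by_target = defaultdict(set)
    for r in outbound_syn(records, host_ip):
        by_target[(r["dst-ip"], int(r["dst-port"]))].add(int(r["src-port"]))
    return {t: (min(p), max(p), len(p)) for t, p in by_target.items()
            if len(p) >= min_attempts}


def report(text=SAMPLE_LOG, host_ip="10.0.0.5"):
    recs = list(parse_pfirewall(text))  # materialise: used by two passes
    return {"violations": len(egress_violations(recs, host_ip)),
            "bursts": scan_like_bursts(recs, host_ip)}


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

On the constructed sample the inbound FTP lines are ignored (they are on the RECEIVE path), the two update connections pass the allow-list, and the five connections to port 1521 show up both as allow-list violations and as a burst from source ports 3181 to 3185. Against a real log, the same allow-list is what you would turn into outbound firewall rules, and the burst check is the cheapest way to confirm a provider's abuse report from your own side.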