To get a list of potentially hacked files on your (Linux driven) server, check for recently changed files and store output to file
$ find ./ -type f -name "*.*" -newermt MODIFYDATE > hacked_files.txt
Replace MODIFYDATE with a date (Format: YYYY-DD-MM) you think a hack has happend
More about findutils