Hello! I am a system admin in hosting company. I have fixed hacked sites tens of times and know exactly what to do: first - scan content for injections. I will use my own python scanner which will detect and remove malware, it uses very useful patterns of malware injections which being collected within last couple years. Last pattern I added yesterday when work on hacked Drupal :) You will get the full list of hacked files, including time of hack so you can address this case to server logs for possible investigation.
Forgot to tell that my hobby is perntesting so I can advice you how to improve security.
I will be online till evening so we can finish this work today.