Do you by chance have the forgebox module installed?
If you can get a date/time created on those files, you may be able to match it against web server logs to see what kinds of requests came in around then.
I wonder what the chance is that someone else on the shared host is the attach vector, and the hackers were simply able to access the entire file system.
Thanks!
~Brad
ColdBox Platform Evangelist
Ortus Solutions, Corp
E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com