ok, i think bevor you hurt yourself by trying to translate to german, we should try english
the problem described by easteregg is, that you can't be sure if your whole server has been manipulated or just your PHP scripts ...
from the facts that are known, the attacker was able to access the whole system
in cases like this there is only one common solution that will work:
flatten and rebuild - means you delete every single bit on the whole system and start at zero, reinstalling the operating system ... you can not repair, since you can't be sure what the attacker did ... for example: did he setup a root kit? has he captured your passwords/keyfiles? you can't know for sure => the only secure way to deal with it, is to assume that nothing on that system can be trusted ... and needs to be destroyed and replaced a.k.a. "flatten and rebuild"
your data on the machine is a problem ... because you can't know, you have to assume that it is compromised ... you will need to restore from a clean backup, but there still is the question how old the backup has to be, to be clean