There are many things that I do to check a possible hack on the site. Changing FTP users/passwords, reinstalling WP, reinstalling themes/plugins, changing user account passwords (especially admin level), change hosting credentials.
I wrote an entry on my own site to remind me (most of the stuff there is my own ‘notes’ to myself). May be helpful: http://securitydawg.com/recovering-from-a-hacked-wordpress-site/ (Not trying to promote my site; there are many googles on how to recover from a hacked site. That link is just my personal list.)