First, I suggest checking all of the file and folder permissions. It's generally recommended that folders be set to nothing higher than 755 and files nothing higher than 644. We frequently see permissions modified after a website infection.
Second, check all .php files for the following strings:
You can't just assume files with the above strings are bad, but those files should be investigated more thoroughly.
Keep in mind that looking only at files with a recent datetime stamp is not very secure. Many of the backdoors we're seeing on infected websites have the ability to change/modify the datetime stamp of any file on the website. We've also been seeing backdoors that have valid comments in them. For instance, on one osCommerce based site, the backdoor had the exact same osCommerce comments/header as other valid files.
As a good measure, assume that all passwords stored on the site have been stolen. Change all passwords: MySQL, cPanel, FTP - everything.