First, don't reboot the server or restart the SQL Server service, because you can loose valuable audit information doing that.
You can query sys.objects and order by modify_date desc, create_date desc for a quick idea of what objects had DDL modification recently.
Also query default trace for login, ddl, and dbcc events.
http://www.sqlservercentral.com/articles/SQL+Server+2005/64547/
You probably want to call in a consultant who specializes in performing intrusion assessments for Windows Server and SQL Server.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho