First, don't reboot the server or restart the SQL Server service, because you can loose valuable audit information doing that.

You can query sys.objects and order by modify_date desc, create_date desc for a quick idea of what objects had DDL modification recently.

Also query default trace for login, ddl, and dbcc events.

http://www.sqlservercentral.com/articles/SQL+Server+2005/64547/

You probably want to call in a consultant who specializes in performing intrusion assessments for Windows Server and SQL Server.