My server have many clients, and many site have Joomla engine.
Then you most likely have found the reason for the problem. Many hacks occour trough vulnerabilitys in unpatched joomla installations.
Cleaning such a hacked server is not easy and you can not be 100% sure that you found everything that the hackers modified.
My recommendataion is to do a backup of all websites and databases and then reinstall the system. Before you go live again, you should see if you can patch all joomla systems and you should consider to switch to suphp instead of mod_php. Also disabling functions in php can be used to harden a installation.
This thread might be helpful for moving the ispconfig install to a new server: