What your hosting company is pointing out as potential exploits there unfortunately appears to be nothing short of guesswork. Those folders are intentionally writable by the system, and some will intentionally contain js files. To be honest, the fact 3 of them are specifically named javascript should probably raise flags about the hosting company that you are using.
What is it that leads you to believe you have been hacked in the first place there? Have you considered our cloud platform, so that you don't have to deal with things like this at all?