my web host post this:

The attacker compromised the server and began a UDP denial of service attack through the use of a script called "doze" placed in /dev/shm. This hacker was on our server.
We will be attempting to clean the server via console. The server will not be accessible from the Internet as it's been physically unplugged from the network.

Can anyone tell me , how long they probably need to clean the server via console and plug it back? The downtime is now about 1,5 days.

could be awhile.. a few more days.. the smart thing to do is backup user files and then do a fresh install then get everything back working

It all depends on how long they take, it might be a few more days or it might be a few hours. You might try contacting them and ask them for an estimate.

it should only take a day, besides they could setup an firewall blocking outgoing ports and clean it containing the flooder, while they clean. The server was probably taken advantage by some poorly coded php script, in which root compromise is not always taken.