Hiya,
The third site is very likely hacked (the file list consists of files which are quite typical for these types of hacks), the others may not be. Make sure you check the files with Wordfence's 'show changes/compare files' functionality.
Sometimes files are indicated as changed when the plugin owner has done a minor update - not enough for a new version release -. Think along the lines of updating the 'tested up to WP version xxx' line in the readme.txt file. You can safely ignore those kind of changes.
However if the changes are more extensive and/or contain obfuscated code in any form, you probably have been hacked and the same advise as before applies.
Personally I normally use both WordFence as well as Better WP Security. There's a slight overlap between the two, but for the most part the functionality of the two plugins complements each other and together they give you a pretty high security level for your WP site. All the same, if the server is leaky, there's not much any plugin can do to prevent hacks, but at least you'll be notified quickly so you can remedy the situation.
Hope this helps.
Smile,
Juliette