The problem is that the hackers would seem to have write access to the server. That means it's entirely possible they didn't come in through your site and instead may have been wandering around the server with your site only one of many. If so, you can't fix that - your host has to. In any event, someone actually able to re-write an htaccess file implies alot more control than a typical hack.
And if they're writing files to your site/the server, you can't trust anything.
I'd be looking for a new host as part of the solution. It's possible they came in through your site, but don't discount the fact that they came in through the host.