If that is anything like mine, it overrides your admin privileges and allows the hacker to edit basically any file they choose.
I'm not 100% positive but, I'm pretty certain that is not a default WordPress .htaccess file.
I just posted this in another forum.
I just repaired a major hacked site myself. It was a complete pain in my ass.
Look for .htaccess.addHandlerBak or any .htaccess that doesn't belong there and delete it immediately!
Because NOONE responded to any of my requests, I will only tell you what I found on my server. As you can see here HERE
Your file changes look almost identical to mine and the hackers added files throughout my server that mirrored certain files in my directory but added a prefix to the file, Mine was fx_
Through these files and the .htaccess.addHandlerBak they essentially had overridden my admin privileges and made their own through .htaccess. They also uploaded some sort of admin panel of their own (eval script) I believe, that gave them full reign of my main directory and mysql database as well.
I would suggest backing up your current theme, database and completely delete ALL current files on your host and uploading a fresh install of WordPress 2.5.1.
Be sure to double, tipple check your theme for files you don't recognize and delete those files before uploading to the server. Otherwise it's a backdoor for them to get back in.
I also read somewhere to add an index.html file to your plugins directory to prevent hackers from browsing that directory. (A sort of dumb thing for WordPress to leave out in my opinion)
Browse MySql wp_options / current_plugins for any suspicious looking code that pertains to uploads or .jpg images.
Check all of your uploads in your current theme for any file you don't recognize and delete.
Also, Look here , you might find a few things that help (even though It didn't help me much)
Also, if your hosting company offers fantastico wordpress setup and you do a manual install. I found out that the old version installed on fantastico can be hack which compromises your current (up to date) installation.
You might want to contact your hosting company to see if your server has been compromised in any way.