Here are some thoughts and observations.
What was the host response on the JailShell question asked by Brian and mandville?
What is the host response on the open_base directory? Are the paths set correctly or are they not set at all?
What are (or were) the permissions on your files? Your directories?
htaccess: Not Implemented ---->> The Joomla htaccess file should be enabled. Not being implemented is a security risk.
PHP/suExec: User and Web Server accounts are not the same. (PHP/suExec probably not installed)---->> This can cause issues with file/directory ownership and file/directory permissions. Elevated permissions are a normal result and are a security risk.
FrontPage/22.214.171.12435 ---->> this is a security risk and should be uninstalled from your domain (usually done through the domains c-panel). Joomla does not need this, and no other modern CMS, forum, store etc. uses this, so remove it.
Can't find any weird database entries (except for password change). --->> you probably won't, as normally hacks are hidden within files, not the database.
/administrator dir lock by Cpanel ---> while this is a really good idea, at this point it is probably useless. --->>> At this point this would probably be useless. Sort of like locking the barn door after the horse has been stolen.
"JSecure" (Plug-in). It requires additional information after the http://www.site.com/administration/ path to access the admin area - whereby making it harder for hackers to get in. --->>> At this point this would probably be useless. Sort of like locking the barn door after the horse has been stolen.
Just found out another website which I didn't check earlier was hacked, this is a 1.5.23 website, it is a clean install of Joomla 1.5.3 with only DTRegister module on it (paid)
Doesn't seem to matter which Joomla! version or pw changes. I've been hacked on: 2x 1.5.23, 1.6.1, 1.6.3, 1.7
I have a reseller pack and just found out other Joomla! websites on the server were also hacked (not all). It's not the same hosting or domain, only the server
Since you mention you have a reseller account, you are going to have to remove every single installation (Joomla or otherwise, and ALL files) installed from your account, all at the same time. Your account is your account, and your account controls every domain you sold or have.
What is likely happening is you fix one site, but others are hacked and the hack spreads to the clean account while you try to fix the next one, since they now have the keys, so to speak, to your entire reseller account.
It is also likely that there are hacking files such as c99 installed on one or more accounts that allow the hacker to view your entire reseller account (and potentially the entire server) as if it were a local hard [drive] on their computer. There is also the possibility that someone else has an account or site hacked and the hacks are coming from there using the same scripts (c99 and such).
If you move to a different host, do not take any backups from the old server to the new server, and don't reuse any files, or you will likely find the new one will also be hacked (you moved the hack files). Rather, start with 100% clean, freshly downloaded installs.
There is also the possibility that your computer is hacked with malware that steals your login credentials every time you log in to both your reseller account and your domains/sites. It is also possible someone you host (if you do that) has the issue allowing the hacker in.
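One way to answer the file and directory permission questions above, and to spot the ownership mismatch that goes with a missing PHP/suExec setup, is to audit the web root directly. This is an added example, not part of the original post; the 0644/0755 baseline and the `audit_tree` name are assumptions chosen for illustration.

```python
import os
import stat

# Assumed baseline (not stated in the post): files 0644, directories 0755.
FILE_MAX = 0o644
DIR_MAX = 0o755


def audit_tree(root, expected_uid=None):
    """Walk root and return (relative path, mode, reasons) for risky entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            mode = stat.S_IMODE(st.st_mode)
            limit = DIR_MAX if stat.S_ISDIR(st.st_mode) else FILE_MAX
            reasons = []
            # Any bit set beyond the baseline (write, execute, setuid, sticky).
            if mode & ~limit:
                reasons.append("mode exceeds %04o" % limit)
            if mode & stat.S_IWOTH:
                reasons.append("world-writable")
            # Without suExec, files written by PHP belong to the web server
            # account instead of the site account; flag that mismatch.
            if expected_uid is not None and st.st_uid != expected_uid:
                reasons.append("owner uid %d, expected %d"
                               % (st.st_uid, expected_uid))
            if reasons:
                findings.append(
                    (os.path.relpath(path, root), "%04o" % mode, reasons))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    # Assumption: the script is run as the account that should own the site.
    for rel, mode, reasons in audit_tree(root, expected_uid=os.getuid()):
        print("%s  %s  %s" % (mode, rel, "; ".join(reasons)))
```

Run it against each site's document root as the account that should own the files; entries owned by another uid are ones the web server account created or changed.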