I'm afraid I have to reinstall the machine, but before I do it I want to know what happened and how.
With that kind of access you could try to see what happened, but there are a lot of possibilities...
That's it.
Now that you mention Samba: in my LUG a user was hacked, and the main suspect is Samba. He didn't have it patched and had no firewall, so the latest Samba vulnerability could have been exploited (the intruder seems to have applied the patch to fix Samba, and then installed backdoors and things like that... but left everything logged in /root/.bash_history). That kind of thing could be what happened on your machine, but really clever guys don't leave that kind of trace.
Or many other things, because according to another mail in this thread he seems to run a normal 7.2 with a lot of services bound; even finger did work.
But I think that the best is to reformat/reinstall the machine; you can't be sure what has been changed on your disk.
This and nothing else. But this time harden the box. Disable all services you don't need. Use scripts like harden_suse and SuSEfirewall2 to harden and protect your system. Think about kernel patches like openwall to prevent buffer overflows and privilege escalation. Simply ask Google how to harden a Linux box. Check e.g. what the guys from http://www.trusteddebian.org/ do for the security of their distribution.

Cheers
Michael
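As an added example (not part of the original thread), the "disable all services you don't need" step can be checked by listing every active inetd entry that is not on an allowlist. It assumes services are started from a standard-format /etc/inetd.conf; the sample file and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: report inetd services that are enabled but not allowlisted.

# Constructed sample in inetd.conf format (not taken from the machine in the thread).
sample_inetd_conf() {
cat <<'EOF'
# <service> <socktype> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
# telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd

finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd -w
time    dgram   udp     wait    root    internal
EOF
}

# audit_inetd ALLOWLIST   (reads an inetd.conf on stdin)
# Prints "service/proto" for every active entry whose service name is not
# in the space-separated ALLOWLIST. Commented-out entries are already
# disabled, so they are skipped along with blank or malformed lines.
audit_inetd() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }
        !($1 in ok) { print $1 "/" $3 }
    '
}

# Stand-alone run against the constructed sample, keeping only ftp:
sample_inetd_conf | audit_inetd "ftp"
```

On a real host, feed it the live file instead: `audit_inetd "ftp" < /etc/inetd.conf`, then comment out each reported entry and have inetd reload its configuration.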