ok, that really helped me alot. I was afraid someone installed a backdoor useraccount or something, but it seems it belongs to zenno.
Knowing that now for sure, I have to emphasize the neccessity of a VM for Zennoposter.
My system got infected over the last weekend (ransomware, the trojan locks you out), and the initial infection took place by a banner ad that got cached in the mentioned admin-sama folder. From there it went to autostart and established the loading of a "firefox.exe" that was in fact the trojan. Though I were able to kill the process (have a taskmanager in my logitech g15 keyboard), I am still researching what took place and if there's still malware left deep in the system (rootkits etc).
Most of the time I use sandboxie when I use public proxies, seems to me, that theres a risk of an infection if somebody prepares his proxy server to deliver you some malware. Second risk is letting Zenno post to random sites /big lists where you don't know what's happening there. This also affects tools like AMR, NohandsSeo, Scrapebox etc.
I have yet to decide if I format the system (it's offline since sunday) or if I trust several AV kits... but for sure, I will add alot of VMs for my online tasks...
Hope thats a warning for everybody who didn't use virtual machines till now...
(and you can't trust your AV once you got infected - I had Comodo running on paranoid settings for AV,Firewall and Defense - and it didn't caught the trojan)
