I found this suspicious file runn.php in one of my album folder,downloaded it and then deleted it.
This line :$controller = "http://www.ucpix.de/img/host2.php";

it looks like a trojan script.I really don't know how does it come in.

Someone is able to access your files & folders. See http://www.zenphoto.org/2008/08/troubleshooting-zenphoto/#29