It's an idea. The anti-virus identifided this:
28-09-2010 18:56:53 HTTP filter file
http://86.55.211.118/phxop001/l.php?i=2 a variant of Win32/Kryptik.GZK trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\javaw.exe.
28-09-2010 18:19:43 HTTP filter file
http://rezamaj.co.cc/CVMGCi8JNBdZDYV...zgPdJh?s=samba& a variant of Win32/Kryptik.EWF trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\javaw.exe.
28-09-2010 18:19:34 HTTP filter file
http://rezamaj.co.cc/client.zip Java/TrojanDownloader.Agent.NBU trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Application Data\Microsoft\Windows\shell.exe.
28-09-2010 18:07:07 HTTP filter file
http://mneboras.com/mneboras9/files/bobbystellar.jar multiple threats connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Definições locais\Temp\0.9025880865312967.exe.
28-09-2010 18:07:04 HTTP filter file
http://mneboras.com/mneboras9/files/java.jar Java/Exploit.Agent.NAL trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Definições locais\Temp\0.9025880865312967.exe.
I did some search and it's a root-kit. Downloaded the removal tool from kaspersky but didn't found anything. Then downloaded, installed and runned emsisoft anti-malware, but didn't found any thing.
Possibly do it again in safe mode.