Hello again guys.
We have finally reached a solution.
w32.virut.cf seems to have a new form.
Basically the whole infection thing has 2 phases.
Phase 1 is w32.virut.cf, and what comes after this is phase 2 with ipz.exe and the service it creates, the Intelligent P2P Zombie.
Virut can be cleaned with the Symantec client or using any common malware removal tools.
Things you need to know about the zombie:
Intelligent P2P Zombie sends ICMP packets randomly to all the ports available (but don't get stressed; the reason is coming up next).
If you are using the Radmin application, Intelligent P2P Zombie will start to spread ipz.exe and copy itself to every client that has an active Radmin service with the same Radmin user authentication.
That means that it will use the Radmin default UDP port 4899 and TCP port 310 (change the default Radmin port and half the job is done).
While disinfection is in progress, never use a domain administrator account to elevate any applications.
Disable all network shares and shut down System Restore.
Be sure that all your workstations have a unique local admin password.
Isolate the infected workstations from the network.
The first workstations and servers that are going to be hit are the ones with the same Radmin authentication credentials, the same local admin, or both.
ipz and Intelligent P2P Zombie cleanup is easy and straightforward:
Kill the ipz.exe process from Task Manager and, from msconfig, disable the Intelligent P2P Zombie service.
Search Windows\system32 for ipz.exe and ipz-db.bin and delete them both.
Delete from Windows\Prefetch all ipz*.pf files.
Check in windows\system32\drivers\etc whether the hosts file, apart from the 127.0.0.1 record, also has a www.brenz.pl record. If it does, just delete the new record.
Next step is:
Go to regedit and delete:
For XP machines:
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IPZ
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPZ
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPZ
For Vista and Win7 machines:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IPZ
Also, to be 100% sure, do a whole registry search for any ipz records!
Most of the time when you try to erase some of those keys you will get an access denied error. The solution is easy: right click --> Permissions, Advanced --> Owner tab and replace the ownership with the local admin. After this, give EVERYONE full permission and apply. Then just kill it.
That's all.
Thank you guys again for your help, and I hope what we discovered will help others :)
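
A read-only check for the ipz files, the hosts record and the IPZ service keys listed in the post above, added here as an example that is not part of the original post. It assumes PowerShell is available on the machine and is run from an elevated prompt; the service name `IPZ` is assumed from the registry key name.

```powershell
# Read-only check: reports the ipz artifacts named in the post, deletes nothing.
$findings = @()
$sys32 = Join-Path $env:windir 'System32'

# Running process and service (service name IPZ is assumed from the registry key name).
if (Get-Process -Name 'ipz' -ErrorAction SilentlyContinue) { $findings += 'process: ipz.exe is running' }
$svc = Get-Service -Name 'IPZ' -ErrorAction SilentlyContinue
if ($svc) { $findings += "service: IPZ ($($svc.Status))" }

# Dropped files in System32.
foreach ($name in 'ipz.exe', 'ipz-db.bin') {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) { $findings += "file: $path" }
}

# Prefetch traces.
$prefetch = Join-Path $env:windir 'Prefetch'
if (Test-Path -LiteralPath $prefetch) {
    foreach ($pf in @(Get-ChildItem -Path $prefetch -Filter 'ipz*.pf' -ErrorAction SilentlyContinue)) {
        $findings += "prefetch: $($pf.FullName)"
    }
}

# Active (non-comment) hosts lines that mention www.brenz.pl.
$hostsFile = Join-Path $sys32 'drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsFile) {
    foreach ($line in @(Get-Content -LiteralPath $hostsFile)) {
        $active = ($line -split '#')[0]
        if ($active -match '(^|\s)www\.brenz\.pl(\s|$)') { $findings += "hosts: $($line.Trim())" }
    }
}

# Service and LEGACY keys under each control set listed in the post.
foreach ($set in 'ControlSet001', 'ControlSet002', 'CurrentControlSet') {
    foreach ($sub in 'Services\IPZ', 'Enum\Root\LEGACY_IPZ') {
        $key = "HKLM:\SYSTEM\$set\$sub"
        if (Test-Path -LiteralPath $key) { $findings += "registry: $key" }
    }
}

if ($findings.Count -eq 0) { 'No ipz artifacts found.' }
else { $findings }
```

Running it again after cleanup and a reboot shows whether any of the listed artifacts came back.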