Had a machine at work where a zero-day made it through our different layers onto a PC.
We caught it and the PC is being re-imaged tomorrow.
Last time this happened, one of my colleagues on the Help Desk was adamant that you don't need to re-image and that stuff like ComboFix and Malwarebytes do a good enough job.
Now if it's "only" something like a browser toolbar then I do think that clean-ups can have their place, but for something of the likes of Zeus I don't see any option other than to nuke it from orbit, as it's the only way to be sure, right?
Of course, that's easy to say when I'm not the guy doing the wiping and I'm getting daggers for creating work for our Help Desk guys.. oh the joys of getting to pull rank.. :-)
What's your policy?