公司几台服务器中了毒，把病毒发给了瑞星，说是Backdoor.IRCBot.ejw，可是没有告诉我怎么删除啊，NT不能进安全模式的，只能手工删除。手工删除2个病毒文件U。EXE和OPENSSL32.EXE后把服务里加载的OPENSSL也禁用了，可是在注册表里的一些相关键值却删除不了报错无法删除。而NT又不能用冰刃，到底怎么办啊，现在开机过不了多久就又发了，症状有无法使用网上邻居，无法打开服务，事件查看器等，练关机也不行，要强制关。

谢谢哪个好心人了，帮帮忙啊
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OPENSSL]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OPENSSL\0000]
"Service"="openSSL"
"FoundAtEnum"=dword:00000001
"Class"="Unknown"
"ClassGUID"="{4D36E97E-E325-11CE-BFC1-08002BE10318}"
"Problem"=dword:00000000
"StatusFlags"=dword:00000000
"BaseDevicePath"="HTREE\\ROOT\\0"
"DeviceDesc"="openSSL"

Logfile of HijackThis v1.99.1
Scan saved at 13:27:47, on 13/11/2006
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.00 (5.00.2014.0200)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
D:\Program Files\Trend\SProtect\SpntSvc.exe
C:\WINNT\System32\conime.exe
D:\Program Files\Trend\SProtect\StWatchDog.exe
D:\Program Files\Trend\SProtect\StOPP.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\llssrv.exe
C:\MSSQL\BINN\SQLSERVR.EXE
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\System32\Internat.exe
C:\WINNT\Profiles\864031\桌面\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab
O16 - DPF: {FC25B780-75BE-11CF-8B01-444553540000} (Chart Object) - http://activex.microsoft.com/activex/controls/iexplorer/x86/iechart.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 202.96.199.133 202.96.209.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 202.96.199.133 202.96.209.5
O23 - Service: 34100 - Unknown owner - \\61.152.213.230\Admin$\eraseme_22717.exe (file missing)
O23 - Service: 84543 - Unknown owner - \\61.152.213.230\Admin$\eraseme_16365.exe (file missing)
O23 - Service: pcANYWHERE Host Service (awhost32) - Symantec Corporation - C:\Program Files\pcANYWHERE\awhost32.exe
O23 - Service: Intel PDS - Unknown owner - C:\WINNT\System32\cba\pds.exe (file missing)
O23 - Service: MS Office Updater Service - Unknown owner - C:\WINNT\msrvs32.exe (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\System32\MsiExec.exe (file missing)
O23 - Service: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - D:\SAV\Rtvscan.exe
O23 - Service: Trend ServerProtect (SpntSvc) - Trend Micro Inc. - D:\Program Files\Trend\SProtect\SpntSvc.exe
O23 - Service: Windows Network Logs (syslog) - Unknown owner - c:\winnt\system32\syslog.exe (file missing)