Sorry for triple post, but I think I have managed to get rid of this f**** by myself!
I ran the folowing script in Avenger, but since I could not get into Windows proper, only into Safe mode, and since ComboFix installed Recovery console I deleted .sys file by hand, and Avenger deleted registry entries.
So, here's the script:
Files to delete:
C:\WINXP\system32\drivers\nhysngpk.sys
Drivers to delete:
nhysngpk
,
and Avenger log is in the attachment. Now I'm installing MBAM and some firewall, and I hope that this would not happen soon.
As for this virus, I think that the key to deleting it is to remove siszyd32.exe and random named sys which installs itself as driver. I think that easiest way to do this is with Avenger. As for finding out the name of the malicious sys driver, I think that easiest way to find out is to wait for avast to display it to you, since sooner or later after starting the computer avast would warn me about suspicious file, which it self could not delete.
I hope that this would help someone.