Detektirani podaci u registru: 2
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|DhcpNameServer (Trojan.DNSChanger) → Loše: (91.194.254.105) Dobro: () → Nije pokrenuta niti jedna akcija.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{9250CD9C-E995-404B-A349-FC768F868073}|DhcpNameServer (Trojan.DNSChanger) → Loše: (91.194.254.105) Dobro: () → Nije pokrenuta niti jedna akcija.

This IP address (91.194.254.105) is default (together with 8.8.8.8 - Google DNS) DNS server from my ISP.
Anyway,I am currently using Open DNS. Avast and AdwCleaner logs are clean and I don’t have any problems.
Is this false positive ?

Hi abruptum,

If it is not a FP, read: http://www.spywareguide.com/spydet_2371_dnschanger_trojan.html
and here: http://www.symantec.com/security_response/writeup.jsp?docid=2006-050211-4750-99&tabid=2
also consider this: https://www.virustotal.com/en/ip-address/91.194.254.105/information/
and the Russian hack performed: http://stackoverflow.com/questions/28913833/hack-roter-dns-settings-changed

You know the routine whenever you would like to have a qualified remover here look into the matter.

pozdravi,

polonus