Agent CW

syky17 · Příspěvekod **syky17** » 10 dub 2009 15:27

Dobrý den, stručně k věci:
jak účinně zlikvidovat rootkit Trojan horse Rootkit-Agent.CW, který se "uhnízdil" na C/WINDOWS/system32/drivers/ atd.
Pořát mi to avg8,5 propomina ze tam je..po kontrole to porat zobrazuje...nevite co s tim jak se toho zbavit??

Reklama

Příspěvekod **memphisto** » 10 dub 2009 15:33

Vlož sem log z HijackThis (návod v podpise)

syky17 · Příspěvekod **syky17** » 10 dub 2009 15:39

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:21, on 10.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\pc\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pc] C:\Documents and Settings\pc\pc.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4817 bytes

Příspěvekod **jaro3** » 10 dub 2009 15:56

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

syky17 · Příspěvekod **syky17** » 10 dub 2009 16:14

Malwarebytes' Anti-Malware 1.36
Verze databáze: 1962
Windows 5.1.2600 Service Pack 3

10.4.2009 16:14:16
mbam-log-2009-04-10 (16-14-09).txt

Typ skenu: Rychlý sken
Objektu skenováno: 64165
Uplynulý cas: 1 minute(s), 6 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 34

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Documents and Settings\pc\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN2C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN2D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN38.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN39.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN3A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN3B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN3D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN3E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN3F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN40.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN44.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN4F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BN50.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pc\Local Settings\Temp\BNA1.tmp (Trojan.Agent) -> No action taken.

/odstraněna citace. není potřeba citovat příspěvek nad tebou.je jasné, na co reaguješ. memphisto

Příspěvekod **jaro3** » 10 dub 2009 16:26

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u AVG.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

syky17 · Příspěvekod **syky17** » 10 dub 2009 16:32

Malwarebytes' Anti-Malware 1.36
Verze databáze: 1962
Windows 5.1.2600 Service Pack 3

10.4.2009 16:32:04
mbam-log-2009-04-10 (16-32-04).txt

Typ skenu: Rychlý sken
Objektu skenováno: 64374
Uplynulý cas: 53 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 34

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Documents and Settings\pc\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN2C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN2D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN38.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN39.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN3A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN3B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN3D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN3E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN3F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN40.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN44.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN4F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BN50.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Local Settings\Temp\BNA1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

syky17 · Příspěvekod **syky17** » 10 dub 2009 16:33

jinak s combofix jsme zkousel, ale nevim, co mam presne u avg vypnout..poradis??

Příspěvekod **jaro3** » 10 dub 2009 16:37

V systray (dolní lišta) jsou jedna nebo dvě ikony AVG ( přesně nevím). pravým na ně klikni a vyber antivirus and antispyware disabled(enabled) - nebo nějak podobně, prostě na to klikni ( zpět se to dává stejným způsobem).

syky17 · Příspěvekod **syky17** » 10 dub 2009 16:42

nic takovyho tu nemam mam jednu ikonu a na ni pravim ukoncit aktualizovat a otevrit....max. muzu vyp. firewall, ale stejne to combofix hlasi ze chyba..nwm...

Příspěvekod **jaro3** » 10 dub 2009 16:44

tak tam dej ukončit( exit), po restartu se ti tam pak vrátí.Ten firewall taky deaktivuj.

syky17 · Příspěvekod **syky17** » 10 dub 2009 16:47

ok ale stejne to hlasi ze to muze ohrozit...mas icq??...

Agent CW Vyřešeno

Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Re: Agent CW

Kdo je online