Ich bin anscheinend mit Malware infiziert. Insbesondere werde ich von Zeit zu Zeit (normalerweise alle paar Tage) auf eine Seite weitergeleitet, auf der ich aufgefordert werde, etwas herunterzuladen, normalerweise eine "neue Version von Flash". Vermutlich ist es nichts dergleichen, sondern tatsächlich ein Virus oder Trojaner.
Ich verwende die google-chromeVersion 30.0.1599.114 unter Debian Linux und bin mir ziemlich sicher, dass dies durch eine Erweiterung verursacht wird. Ich weiß, dass ich meine Erweiterungen einfach deinstallieren oder meinen ~/.config/google-chromeOrdner löschen kann , aber ich würde es lieber nicht tun. Ich möchte die Erweiterung, die dies verursacht, identifizieren und nur diese entfernen.
Beim Versuch, dies zu debuggen (danke an @Braiam), habe ich den Ereignisprotokollierer eingecheckt chrome://net-internals/#eventsund nach einer der URLs gesucht, zu denen ich umgeleitet werde:
Die Inhalte der chrome://net-internals/#eventssind:
122667: URL_REQUEST
http://cdn.adnxs.com/p/d9/32/a3/72/d932a372371bd0a47ba7e2a73649a8d0.swf?clickTag=http%3A%2F%2Ffra1.ib.adnxs.com%2Fclick%3FSRPvAE9aoD_c-TxO6i6ZP-kmMQisHO4_3Pk8TuoumT9JE-8AT1qgP3vmRkLiiPF6ljpJTzhxcH-5rRRTAAAAABwgIwByBwAAPwEAAAIAAADRAMMAVqgFAAAAAQBVU0QAVVNEANgCWgDHsgAAFIsAAQUCAQIAAIwAeiTtsAAAAAA.%2Fcnd%3D%2521NgbzOgjzkMEBENGBjAYY1tAWIAA.%2Freferrer%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fif%253Fenc%253DgbdAguLHaD8eqb7zixJkP_LSTWIQWOk_Hqm-84sSZD-At0CC4sdoP2mCZbZYUNUFljpJTzhxcH-3rRRTAAAAAJL-IgB2AgAAUAMAAAIAAAA9ocQAN0sEAAAAAQBVU0QAVVNEANgCWgD8ogAA58sAAgUCAQIAAIwA9idtvAAAAAA.%2Fclickenc%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fclick%253FXkiHhzB-Wj-D_TJz3IRWP3E9CtejcNU_g_0yc9yEVj9eSIeHMH5aP_ygL0YyHDQoljpJTzhxcH-2rRRTAAAAAEJLIQBJAQAAVwMAAAIAAACL0cUA0WAFAAAAAQBVU0QAVVNEANgCWgDQMgAAUdQDAQUCAQIAAIwA3yN4YgAAAAA.%252Fcnd%253D%25218gXSNwiT18QBEIujlwYY0cEVIAA.%252Freferrer%253Dhttp%253A%252F%252Fwww.imgclck.com%252Fserve%252Fimgclck.php%252Fclickenc%253Dhttp%253A%252F%252Foptimized-by.rubiconproject.com%252Ft%252F9164%252F15602%252F101258-2.3581666.3755480%253Furl%253Dhttp%25253A%25252F%25252Fwww.downloadchop.com%25252Fgo%25252Flightspark%25253Fsource%25253Dybrant_lightspark-fr%252526adprovider%25253Dybrant%252526ce_cid%25253Dfra1CJb1pPqEp5y4fxACGPvMm5KknOL4eiINODIuMjI5LjIyLjE2NigBMLnb0pgF%252526subid%25253D2301980
Start Time: 2014-03-03 17:28:41.358
t=1393864121358 [st= 0] +REQUEST_ALIVE [dt=334]
t=1393864121359 [st= 1] +URL_REQUEST_START_JOB [dt=332]
--> load_flags = 134349184 (ENABLE_LOAD_TIMING | ENABLE_UPLOAD_PROGRESS | MAYBE_USER_GESTURE | VERIFY_EV_CERT)
--> method = "GET"
--> priority = 2
--> url = "http://cdn.adnxs.com/p/d9/32/a3/72/d932a372371bd0a47ba7e2a73649a8d0.swf?clickTag=http%3A%2F%2Ffra1.ib.adnxs.com%2Fclick%3FSRPvAE9aoD_c-TxO6i6ZP-kmMQisHO4_3Pk8TuoumT9JE-8AT1qgP3vmRkLiiPF6ljpJTzhxcH-5rRRTAAAAABwgIwByBwAAPwEAAAIAAADRAMMAVqgFAAAAAQBVU0QAVVNEANgCWgDHsgAAFIsAAQUCAQIAAIwAeiTtsAAAAAA.%2Fcnd%3D%2521NgbzOgjzkMEBENGBjAYY1tAWIAA.%2Freferrer%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fif%253Fenc%253DgbdAguLHaD8eqb7zixJkP_LSTWIQWOk_Hqm-84sSZD-At0CC4sdoP2mCZbZYUNUFljpJTzhxcH-3rRRTAAAAAJL-IgB2AgAAUAMAAAIAAAA9ocQAN0sEAAAAAQBVU0QAVVNEANgCWgD8ogAA58sAAgUCAQIAAIwA9idtvAAAAAA.%2Fclickenc%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fclick%253FXkiHhzB-Wj-D_TJz3IRWP3E9CtejcNU_g_0yc9yEVj9eSIeHMH5aP_ygL0YyHDQoljpJTzhxcH-2rRRTAAAAAEJLIQBJAQAAVwMAAAIAAACL0cUA0WAFAAAAAQBVU0QAVVNEANgCWgDQMgAAUdQDAQUCAQIAAIwA3yN4YgAAAAA.%252Fcnd%253D%25218gXSNwiT18QBEIujlwYY0cEVIAA.%252Freferrer%253Dhttp%253A%252F%252Fwww.imgclck.com%252Fserve%252Fimgclck.php%252Fclickenc%253Dhttp%253A%252F%252Foptimized-by.rubiconproject.com%252Ft%252F9164%252F15602%252F101258-2.3581666.3755480%253Furl%253Dhttp%25253A%25252F%25252Fwww.downloadchop.com%25252Fgo%25252Flightspark%25253Fsource%25253Dybrant_lightspark-fr%252526adprovider%25253Dybrant%252526ce_cid%25253Dfra1CJb1pPqEp5y4fxACGPvMm5KknOL4eiINODIuMjI5LjIyLjE2NigBMLnb0pgF%252526subid%25253D2301980"
t=1393864121359 [st= 1] HTTP_CACHE_GET_BACKEND [dt=0]
t=1393864121359 [st= 1] HTTP_CACHE_OPEN_ENTRY [dt=0]
--> net_error = -2 (ERR_FAILED)
t=1393864121359 [st= 1] HTTP_CACHE_CREATE_ENTRY [dt=0]
t=1393864121359 [st= 1] HTTP_CACHE_ADD_TO_ENTRY [dt=0]
t=1393864121359 [st= 1] +HTTP_STREAM_REQUEST [dt=1]
t=1393864121360 [st= 2] HTTP_STREAM_REQUEST_BOUND_TO_JOB
--> source_dependency = 122670 (HTTP_STREAM_JOB)
t=1393864121360 [st= 2] -HTTP_STREAM_REQUEST
t=1393864121360 [st= 2] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=1393864121360 [st= 2] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /p/d9/32/a3/72/d932a372371bd0a47ba7e2a73649a8d0.swf?clickTag=http%3A%2F%2Ffra1.ib.adnxs.com%2Fclick%3FSRPvAE9aoD_c-TxO6i6ZP-kmMQisHO4_3Pk8TuoumT9JE-8AT1qgP3vmRkLiiPF6ljpJTzhxcH-5rRRTAAAAABwgIwByBwAAPwEAAAIAAADRAMMAVqgFAAAAAQBVU0QAVVNEANgCWgDHsgAAFIsAAQUCAQIAAIwAeiTtsAAAAAA.%2Fcnd%3D%2521NgbzOgjzkMEBENGBjAYY1tAWIAA.%2Freferrer%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fif%253Fenc%253DgbdAguLHaD8eqb7zixJkP_LSTWIQWOk_Hqm-84sSZD-At0CC4sdoP2mCZbZYUNUFljpJTzhxcH-3rRRTAAAAAJL-IgB2AgAAUAMAAAIAAAA9ocQAN0sEAAAAAQBVU0QAVVNEANgCWgD8ogAA58sAAgUCAQIAAIwA9idtvAAAAAA.%2Fclickenc%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fclick%253FXkiHhzB-Wj-D_TJz3IRWP3E9CtejcNU_g_0yc9yEVj9eSIeHMH5aP_ygL0YyHDQoljpJTzhxcH-2rRRTAAAAAEJLIQBJAQAAVwMAAAIAAACL0cUA0WAFAAAAAQBVU0QAVVNEANgCWgDQMgAAUdQDAQUCAQIAAIwA3yN4YgAAAAA.%252Fcnd%253D%25218gXSNwiT18QBEIujlwYY0cEVIAA.%252Freferrer%253Dhttp%253A%252F%252Fwww.imgclck.com%252Fserve%252Fimgclck.php%252Fclickenc%253Dhttp%253A%252F%252Foptimized-by.rubiconproject.com%252Ft%252F9164%252F15602%252F101258-2.3581666.3755480%253Furl%253Dhttp%25253A%25252F%25252Fwww.downloadchop.com%25252Fgo%25252Flightspark%25253Fsource%25253Dybrant_lightspark-fr%252526adprovider%25253Dybrant%252526ce_cid%25253Dfra1CJb1pPqEp5y4fxACGPvMm5KknOL4eiINODIuMjI5LjIyLjE2NigBMLnb0pgF%252526subid%25253D2301980 HTTP/1.1
Host: cdn.adnxs.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.114 Safari/537.36
Accept: */*
DNT: 1
Referer: http://ib.adnxs.com/tt?id=2301980&cb=1393864120&referrer=http://fra1.ib.adnxs.com/if?enc=gbdAguLHaD8eqb7zixJkP_LSTWIQWOk_Hqm-84sSZD-At0CC4sdoP2mCZbZYUNUFljpJTzhxcH-3rRRTAAAAAJL-IgB2AgAAUAMAAAIAAAA9ocQAN0sEAAAAAQBVU0QAVVNEANgCWgD8ogAA58sAAgUCAQIAAIwA9idtvAAAAAA.&pubclick=http://fra1.ib.adnxs.com/click?XkiHhzB-Wj-D_TJz3IRWP3E9CtejcNU_g_0yc9yEVj9eSIeHMH5aP_ygL0YyHDQoljpJTzhxcH-2rRRTAAAAAEJLIQBJAQAAVwMAAAIAAACL0cUA0WAFAAAAAQBVU0QAVVNEANgCWgDQMgAAUdQDAQUCAQIAAIwA3yN4YgAAAAA./cnd%3D!8gXSNwiT18QBEIujlwYY0cEVIAA./referrer%3Dhttp://www.imgclck.com/serve/imgclck.php/clickenc%3Dhttp://optimized-by.rubiconproject.com/t/9164/15602/101258-2.3581666.3755480?url%3D&cnd=%218yV7-QiCtsABEL3CkgYYACC3lhEwADj8xRpAAEjQBlCS_YsBWABgngZoAHAMeIABgAEMiAGAAZABAZgBAaABAagBA7ABALkBGWjVpdTIaD_BARlo1aXUyGg_yQFwmqHGvyLwP9kBAAAAAAAA8D_gAQA.&ccd=%21vwV6NgiCtsABEL3CkgYYt5YRIAA.&udj=uf%28%27a%27%2C+279660%2C+1393864119%29%3Buf%28%27c%27%2C+3152642%2C+1393864119%29%3Buf%28%27r%27%2C+12886333%2C+1393864119%29%3B&vpid=77&apid=189016&referrer=http%3A%2F%2Fwww.imgclck.com%2Fserve%2Fimgclck.php&media_subtypes=1&ct=0&dlo=1&pubclick=http://fra1.ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAALTIdr6fGus_AAAAAAAAAAAAAAAAAAAAAA-Oj4oIzbJcljpJTzhxcH-4rRRTAAAAANYjIwB6AgAAEAkAAAIAAAAfKcUAD5wFAAAAAQBVU0QAVVNEANgCWgCqqwAAtdQAAQUCAQIAAIwA6xZV3wAAAAA./cnd=%21GgafOwjH0sYBEJ_SlAYYj7gWIAE./referrer=http%3A%2F%2Ffra1.ib.adnxs.com%2Fif%3Fenc%3DgbdAguLHaD8eqb7zixJkP_LSTWIQWOk_Hqm-84sSZD-At0CC4sdoP2mCZbZYUNUFljpJTzhxcH-3rRRTAAAAAJL-IgB2AgAAUAMAAAIAAAA9ocQAN0sEAAAAAQBVU0QAVVNEANgCWgD8ogAA58sAAgUCAQIAAIwA9idtvAAAAAA.%26pubclick%3Dhttp%3A%2F%2Ffra1.ib.adnxs.com%2Fclick%3FXkiHhzB-Wj-D_TJz3IRWP3E9CtejcNU_g_0yc9yEVj9eSIeHMH5aP_ygL0YyHDQoljpJTzhxcH-2rRRTAAAAAEJLIQBJAQAAVwMAAAIAAACL0cUA0WAFAAAAAQBVU0QAVVNEANgCWgDQMgAAUdQDAQUCAQIAAIwA3yN4YgAAAAA.%2Fcnd%253D%218gXSNwiT18QBEIujlwYY0cEVIAA.%2Freferrer%253Dhttp%3A%2F%2Fwww.imgclck.com%2Fserve%2Fimgclck.php%2Fclickenc%253Dhttp%3A%2F%2Foptimized-by.rubiconproject.com%2Ft%2F9164%2F15602%2F101258-2.3581666.3755480%3Furl%253D%26cnd%3D%25218yV7-QiCtsABEL3CkgYYACC3lhEwADj8xRpAAEjQBlCS_YsBWABgngZoAHAMeIABgAEMiAGAAZABAZgBAaABAagBA7ABALkBGWjVpdTIaD_BARlo1aXUyGg_yQFwmqHGvyLwP9kBAAAAAAAA8D_gAQA.%26ccd%3D%2521vwV6NgiCtsABEL3CkgYYt5YRIAA.%26udj%3Duf%2528%2527a%2527%252C%2B279660%252C%2B1393864119%2529%253Buf%2528%2527c%2527%252C%2B3152642%252C%2B1393864119%2529%253Buf%2528%2527r%2527%252C%2B12886333%252C%2B1393864119%2529%253B%26vpid%3D77%26apid%3D189016%26referrer%3Dhttp%253A%252F%252Fwww.imgclck.com%252Fserve%252Fimgclck.php%26media_subtypes%3D1%26ct%3D0%26dlo%3D1/clickenc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,fr;q=0.6
Cookie: __gads=ID=386c1f6bc0285adb:T=1390666421:S=ALNI_MZXJdGrAsWELFKRsS7QcqnPTkuaMw; uuid2=9182964126870747798; sess=1; icu=ChIIr54TEAYYASAAKAEwu8_EmAUKEgiCyRUQBhgDIAAoAzDGkb-XBQoSCKraFRAGGAEgACgBMIyKv5cFChII5I8WEAYYASAAKAEw0szplwUKEgjXlhYQBhgCIAAoAjDFvM2YBQoSCP7-CBAKGAUgBSgFMMjU0pgFChIIpogJEAoYByAHKAcwqtXSmAUKEgiDtwoQChgdIB0oHTCx29KYBQoSCNuECxAKGAUgBSgFMPbX0pgFChII0aELEAoYASABKAEwuc3SmAUKEgjLzwsQChgBIAEoATDrzNKYBQoSCK7fCxAKGAEgASgBMJfH0pgFChII0eQLEAoYASABKAEw5czSmAUKEgi78AsQChgHIAcoBzDwyNKYBQoSCL_yCxAKGAEgASgBMKzV0pgFChIIkoAMEAoYAiACKAIwrdvSmAUKEgi3hQ0QChgBIAEoATCv1dKYBQoSCMWnDhAKGAcgBygHMOzY0pgFChII_KcOEAoYBSAFKAUwisHSmAUKEgiIqA4QChgEIAQoBDCr1dKYBQoSCJ7pDhAKGAUgBSgFMMnK0pgFChII3ukOEAoYICAgKCAwuNvSmAUKEgi0hw8QChgBIAEoATC2ydKYBQoSCOeVDxAKGAUgBSgFMMnK0pgFChII_J4PEAoYASABKAEwrtvSmAUKEgi_lxAQChgDIAMoAzC8zdKYBQoSCNCkEBAKGAIgAigCML3N0pgFChII6acQEAoYBiAGKAYw5dfSmAUKEgjpsRAQChgGIAYoBjCv1dKYBQoSCMy5EBAKGAEgASgBMO3U0pgFChII1uoQEAoYASABKAEwstXSmAUKEgipghEQChgIIAgoCDCJy9KYBQoSCIaeERAKGAQgBCgEMOzY0pgFChIIh54REAoYAyADKAMw79jSmAUKEgjJpREQChgBIAEoATCbytKYBQoSCI-yERAKGAEgASgBMInL0pgFChIIqbcREAoYAiACKAIwisvSmAUKEgievhEQChgBIAEoATCtw9KYBQoSCP7GERAKGAYgBigGMNzT0pgFChIIofMREAoYAyADKAMwttHSmAUKEgjK-xEQChgCIAIoAjCx1dKYBQoSCJ6BEhAKGBsgGygbMNvX0pgFChII9ogSEAoYBiAGKAYw18rSmAUKEgjvmRIQChgDIAMoAzDP2dKYBQoSCI2qEhAKGAQgBCgEMLXJ0pgFChIInLASEAoYAiACKAIw0srSmAUKEgjXsRIQChgCIAIoAjDYytKYBQoSCKO0EhAKGAMgAygDMKjV0pgFChIIvrQSEAoYByAHKAcw19jSmAUKEgjFthIQChgCIAIoAjD0zNKYBQoSCLHAEhAKGAEgASgBMKDE0pgFChIIqswSEAoYASABKAEwzsrSmAUKEgiv0hIQChgDIAMoAzCPwdKYBQoSCOTYEhAKGAEgASgBMLTV0pgFChIIrNkSEAoYByAHKAcw7MLSmAUKEgj-2xIQChgDIAMoAzCx1dKYBQoSCInfEhAKGAIgAigCMMDN0pgFChIIxuASEAoYByAHKAcw3dnSmAUKFQj14BIQChjIASDIASjIATC429KYBQoSCPfgEhAKGAEgASgBMMDN0pgFChII9-ISEAoYBCAEKAQw5djSmAUKEgjw5BIQChgDIAMoAzD4wdKYBQoSCJXqEhAKGAMgAygDMI3F0pgFChII6uwSEAoYAiACKAIwpNLSmAUKEgjB8BIQChgGIAYoBjC_zdKYBQoSCOTyEhAKGAIgAigCMPXM0pgFChII5fISEAoYAyADKAMw-czSmAUKEgiG8xIQChgHIAcoBzDQ2dKYBQoSCIuJExAKGBMgEygTMMTW0pgFChIIoIwTEAoYBSAFKAUw7dTSmAUKEgjDohMQChgBIAEoATC21dKYBQoSCI-wExAKGAUgBSgFMLrN0pgFChIIxLATEAoYBiAGKAYwqtXSmAUKEgjIsBMQChgDIAMoAzDzzNKYBQoSCLyyExAKGAQgBCgEMOnL0pgFChIIvrITEAoYASABKAEw2cnSmAUKEgj6shMQChgBIAEoATDbx9KYBQoSCMi2ExAKGAEgASgBMNnG0pgFChII5bgTEAoYAiACKAIwhNfSmAUKEgiXuRMQChgEIAQoBDDU2NKYBQoSCIq-ExAKGAYgBigGMMfC0pgFChIInsITEAoYASABKAEw2cbSmAUKEgibxRMQChgGIAYoBjCE0dKYBQoSCP_FExAKGAIgAigCMOjM0pgFChIIkcYTEAoYBCAEKAQwz8fSmAUKEgi3xhMQChgBIAEoATCfydKYBQoSCOvGExAKGAEgASgBMLjb0pgFChIIx8gTEAoYBCAEKAQw6NTSmAUKEgiFyhMQChgBIAEoATDTzNKYBQoSCI_KExAKGAIgAigCMMbU0pgFChIIu9ETEAoYAyADKAMw2sfSmAUKEgjr2BMQChgCIAIoAjC21dKYBQoSCIbbExAKGAIgAigCMLnb0pgFChIIzuUTEAoYASABKAEw8MzSmAUKEgj76RMQChgCIAIoAjCqydKYBQoSCIHrExAKGAEgASgBMKrJ0pgFELnb0pgFGNYE; anj=dTM7k!M4.g1IKw2hK`RZ[+9f#Abz#5Z8>#V-^@!KG9XLO4442ch)Pc]jvxZ!#GhOwx*meAdp/D)elWNRR%-I!MOpSn=J+VCrW%0=hj]Bz32M!LSOQ5gll*LP_br1!?zqWv$YT0!S8!Ssqbx<[gw>6wFG2.OXE$1'cEc8BdiTCWLi:P+XwDKQDr`LmI$bR^3u%?co]YbrY[FD44<J(CU/Gn<5H=tP`n<jx[Cz6px:fcFXbqHccp2?vY*$/m>4GqE.2:v`'pIRgJ@wKuwpOTY'2wRpvC`e.1o[gHdch:d8Ly_dx!x3SeM0^!qrZIi%XQ$0pC/UUYEnNS-^j>32us+UP1VB_*ML]?KovH`x8g7%)dRu@#?pr+Lx<$9w@Af%inZIpkFAP#Y`t[+c'OBbc?!FUlhh4fF<-9S<1`W1<W3_z!``x7Jhjeh
t=1393864121360 [st= 2] -HTTP_TRANSACTION_SEND_REQUEST
t=1393864121360 [st= 2] +HTTP_TRANSACTION_READ_HEADERS [dt=330]
t=1393864121360 [st= 2] HTTP_STREAM_PARSER_READ_HEADERS [dt=330]
t=1393864121690 [st=332] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
Server: Apache
ETag: "d932a372371bd0a47ba7e2a73649a8d0:1393776550"
Last-Modified: Sun, 02 Mar 2014 16:09:10 GMT
Accept-Ranges: bytes
Content-Length: 5255
Content-Type: application/x-shockwave-flash
Date: Mon, 03 Mar 2014 16:28:41 GMT
Connection: keep-alive
t=1393864121690 [st=332] -HTTP_TRANSACTION_READ_HEADERS
t=1393864121690 [st=332] HTTP_CACHE_WRITE_INFO [dt=0]
t=1393864121690 [st=332] HTTP_CACHE_WRITE_DATA [dt=0]
t=1393864121690 [st=332] HTTP_CACHE_WRITE_INFO [dt=0]
t=1393864121691 [st=333] -URL_REQUEST_START_JOB
t=1393864121691 [st=333] HTTP_TRANSACTION_READ_BODY [dt=0]
t=1393864121691 [st=333] HTTP_CACHE_WRITE_DATA [dt=0]
t=1393864121691 [st=333] HTTP_TRANSACTION_READ_BODY [dt=1]
t=1393864121692 [st=334] HTTP_CACHE_WRITE_DATA [dt=0]
t=1393864121692 [st=334] HTTP_TRANSACTION_READ_BODY [dt=0]
t=1393864121692 [st=334] HTTP_CACHE_WRITE_DATA [dt=0]
t=1393864121692 [st=334] HTTP_TRANSACTION_READ_BODY [dt=0]
t=1393864121692 [st=334] HTTP_CACHE_WRITE_DATA [dt=0]
t=1393864121692 [st=334] -REQUEST_ALIVE
Und von den URL_REQUEST:
122669: DISK_CACHE_ENTRY
http://cdn.adnxs.com/p/d9/32/a3/72/d932a372371bd0a47ba7e2a73649a8d0.swf?clickTag=http%3A%2F%2Ffra1.ib.adnxs.com%2Fclick%3FSRPvAE9aoD_c-TxO6i6ZP-kmMQisHO4_3Pk8TuoumT9JE-8AT1qgP3vmRkLiiPF6ljpJTzhxcH-5rRRTAAAAABwgIwByBwAAPwEAAAIAAADRAMMAVqgFAAAAAQBVU0QAVVNEANgCWgDHsgAAFIsAAQUCAQIAAIwAeiTtsAAAAAA.%2Fcnd%3D%2521NgbzOgjzkMEBENGBjAYY1tAWIAA.%2Freferrer%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fif%253Fenc%253DgbdAguLHaD8eqb7zixJkP_LSTWIQWOk_Hqm-84sSZD-At0CC4sdoP2mCZbZYUNUFljpJTzhxcH-3rRRTAAAAAJL-IgB2AgAAUAMAAAIAAAA9ocQAN0sEAAAAAQBVU0QAVVNEANgCWgD8ogAA58sAAgUCAQIAAIwA9idtvAAAAAA.%2Fclickenc%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fclick%253FXkiHhzB-Wj-D_TJz3IRWP3E9CtejcNU_g_0yc9yEVj9eSIeHMH5aP_ygL0YyHDQoljpJTzhxcH-2rRRTAAAAAEJLIQBJAQAAVwMAAAIAAACL0cUA0WAFAAAAAQBVU0QAVVNEANgCWgDQMgAAUdQDAQUCAQIAAIwA3yN4YgAAAAA.%252Fcnd%253D%25218gXSNwiT18QBEIujlwYY0cEVIAA.%252Freferrer%253Dhttp%253A%252F%252Fwww.imgclck.com%252Fserve%252Fimgclck.php%252Fclickenc%253Dhttp%253A%252F%252Foptimized-by.rubiconproject.com%252Ft%252F9164%252F15602%252F101258-2.3581666.3755480%253Furl%253Dhttp%25253A%25252F%25252Fwww.downloadchop.com%25252Fgo%25252Flightspark%25253Fsource%25253Dybrant_lightspark-fr%252526adprovider%25253Dybrant%252526ce_cid%25253Dfra1CJb1pPqEp5y4fxACGPvMm5KknOL4eiINODIuMjI5LjIyLjE2NigBMLnb0pgF%252526subid%25253D2301980
Start Time: 2014-03-03 17:28:41.359
t=1393864121359 [st= 0] +DISK_CACHE_ENTRY_IMPL [dt=350]
--> created = true
--> key = "http://cdn.adnxs.com/p/d9/32/a3/72/d932a372371bd0a47ba7e2a73649a8d0.swf?clickTag=http%3A%2F%2Ffra1.ib.adnxs.com%2Fclick%3FSRPvAE9aoD_c-TxO6i6ZP-kmMQisHO4_3Pk8TuoumT9JE-8AT1qgP3vmRkLiiPF6ljpJTzhxcH-5rRRTAAAAABwgIwByBwAAPwEAAAIAAADRAMMAVqgFAAAAAQBVU0QAVVNEANgCWgDHsgAAFIsAAQUCAQIAAIwAeiTtsAAAAAA.%2Fcnd%3D%2521NgbzOgjzkMEBENGBjAYY1tAWIAA.%2Freferrer%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fif%253Fenc%253DgbdAguLHaD8eqb7zixJkP_LSTWIQWOk_Hqm-84sSZD-At0CC4sdoP2mCZbZYUNUFljpJTzhxcH-3rRRTAAAAAJL-IgB2AgAAUAMAAAIAAAA9ocQAN0sEAAAAAQBVU0QAVVNEANgCWgD8ogAA58sAAgUCAQIAAIwA9idtvAAAAAA.%2Fclickenc%3Dhttp%253A%252F%252Ffra1.ib.adnxs.com%252Fclick%253FXkiHhzB-Wj-D_TJz3IRWP3E9CtejcNU_g_0yc9yEVj9eSIeHMH5aP_ygL0YyHDQoljpJTzhxcH-2rRRTAAAAAEJLIQBJAQAAVwMAAAIAAACL0cUA0WAFAAAAAQBVU0QAVVNEANgCWgDQMgAAUdQDAQUCAQIAAIwA3yN4YgAAAAA.%252Fcnd%253D%25218gXSNwiT18QBEIujlwYY0cEVIAA.%252Freferrer%253Dhttp%253A%252F%252Fwww.imgclck.com%252Fserve%252Fimgclck.php%252Fclickenc%253Dhttp%253A%252F%252Foptimized-by.rubiconproject.com%252Ft%252F9164%252F15602%252F101258-2.3581666.3755480%253Furl%253Dhttp%25253A%25252F%25252Fwww.downloadchop.com%25252Fgo%25252Flightspark%25253Fsource%25253Dybrant_lightspark-fr%252526adprovider%25253Dybrant%252526ce_cid%25253Dfra1CJb1pPqEp5y4fxACGPvMm5KknOL4eiINODIuMjI5LjIyLjE2NigBMLnb0pgF%252526subid%25253D2301980"
t=1393864121690 [st=331] +ENTRY_WRITE_DATA [dt=0]
--> buf_len = 304
--> index = 0
--> offset = 0
--> truncate = true
t=1393864121690 [st=331] -ENTRY_WRITE_DATA
--> bytes_copied = 304
t=1393864121690 [st=331] +ENTRY_WRITE_DATA [dt=0]
--> buf_len = 0
--> index = 1
--> offset = 0
--> truncate = true
t=1393864121690 [st=331] -ENTRY_WRITE_DATA
--> bytes_copied = 0
t=1393864121690 [st=331] +ENTRY_WRITE_DATA [dt=0]
--> buf_len = 0
--> index = 2
--> offset = 0
--> truncate = true
t=1393864121690 [st=331] -ENTRY_WRITE_DATA
--> bytes_copied = 0
t=1393864121691 [st=332] +ENTRY_WRITE_DATA [dt=0]
--> buf_len = 2612
--> index = 1
--> offset = 0
--> truncate = true
t=1393864121691 [st=332] -ENTRY_WRITE_DATA
--> bytes_copied = 2612
t=1393864121692 [st=333] +ENTRY_WRITE_DATA [dt=0]
--> buf_len = 1448
--> index = 1
--> offset = 2612
--> truncate = true
t=1393864121692 [st=333] -ENTRY_WRITE_DATA
--> bytes_copied = 1448
t=1393864121692 [st=333] +ENTRY_WRITE_DATA [dt=0]
--> buf_len = 1195
--> index = 1
--> offset = 4060
--> truncate = true
t=1393864121692 [st=333] -ENTRY_WRITE_DATA
--> bytes_copied = 1195
t=1393864121693 [st=334] ENTRY_CLOSE
t=1393864121709 [st=350] -DISK_CACHE_ENTRY_IMPL
Scannen der DISK_CACHE_ENTRYShows, um sauber zu sein:
$ sudo clamscan -r .config/google-chrome/
[...]
Known viruses: 3138491
Engine version: 0.97.8
Scanned directories: 543
Scanned files: 1511
Infected files: 0
Data scanned: 70.93 MB
Data read: 135.29 MB (ratio 0.52:1)
Time: 22.528 sec (0 m 22 s)
Die bereitgestellten Seiten befinden sich häufig (möglicherweise immer, nicht sicher) in der xxx.adnx.comDomain (der xxxTeil variiert). Die Suche nach dieser Zeichenfolge im google-chromeVerzeichnis gibt Folgendes zurück:
$ grep -lR adnx .config/google-chrome/
.config/google-chrome/Default/Preferences
.config/google-chrome/Default/History Provider Cache
.config/google-chrome/Default/Cookies
.config/google-chrome/Default/Current Tabs
.config/google-chrome/Default/History
.config/google-chrome/Default/Archived History
.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/Y255TG9H/macromedia.com/support/flashplayer/sys/#cdn.adnxs.com/settings.sol
.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/Y255TG9H/macromedia.com/support/flashplayer/sys/settings.sol
.config/google-chrome/Default/Favicons-journal
.config/google-chrome/Default/Preferences~
.config/google-chrome/Default/Favicons
.config/google-chrome/Default/Cookies-journal
Meine installierten Add-Ons folgen. Dies sind die Add-Ons von Chrome:
"View Vote totals" without 1000 rep
AutoReviewComments 1.3.0
Chat Reply Helper for Stack Exchange sites 2.4.0
Close Tabs 1.1
Desktop Notifications for Stack Exchange 1.6.5.1
Docs PDF/PowerPoint Viewer (by Google) 3.10
Edit with Emacs 1.13
Hangout Chat Notifications 2.0.0
IE Tab 6.1.21.1
KBD Button for Stack Exchange sites 0.2.0
Sexy Undo Close Tab 7.4.13
Smooth Gestures 0.17.14
SmoothGestures: Plugin 0.9.1
Yet another flags 0.9.10.0
Diese stammen von Stack Apps :
Dude, where's my cursor 1.0
SE Comment Link Helper 1.0
Super User Automatic Corrector 1.0
threading-comments 1.0
stackexchange-tab-editing 1.0
Installierte Plugins:
Wie kann ich anhand dieser (oder anderer) Informationen feststellen, welches Add-On dies verursacht?
1
Der einzige Weg, den ich kenne, ist ein Versuch und Irrtum.
—
Ramhound
@ Ramhound ja. Das Problem ist, dass der Versuch und Irrtum-Ansatz Monate dauern kann, da dies nur selten alle paar Tage vorkommt, weshalb ich ihn noch nicht ausprobiert habe.
—
Terdon
@terdon |
—
Matthew Williams
clamscanwar genau das, woran ich dachte. Da es nur zeitweise auftritt, ist es unwahrscheinlich, dass Sie die Erweiterung finden, wenn Sie sie über einen bestimmten Zeitraum nicht herunterfahren und hinzufügen. Dies setzt voraus, dass es sich um ein Erweiterungsproblem handelt. Haben Sie bei Auftreten des Problems festgestellt, dass Ihre Aktivitäten konsistent sind?
@MatthewWilliams gar nichts. Es scheint völlig zufällig zu sein, aber ich weiß, dass es nur in Chrom vorkommt. Ich kann zum Beispiel einen Beitrag hier lesen und ohne Klicks werde ich plötzlich zu einer Seite zum Hinzufügen / Herunterladen weitergeleitet.
—
Terdon
Nur eine Notiz, brauchen Sie nicht Ihre Erweiterungen deaktivieren einen nach dem anderen . Deaktivieren Sie die Hälfte von ihnen für einige Tage, und schon bald haben Sie das Feld halbiert (es sei denn, Sie haben mehr als eine infizierte Erweiterung).
—
Alexis
