Ok, so I'm having these weird outbound connection attempts on port 41, sourcing from various applications I happen to have running.
Wireshark reveals connections that are not shown in Comodo's connections list.
The applications were not running simultaneously at time of screenshot, but the 188.8.131.52 connections only appeared in Wireshark. NMapping 184.108.40.206 showed a linux box with two open ports one being http, both being identified as some sort of redirect service, but it didn't respond with webpage when connected on.
Could this be a rootkit? (Can't see a suspicious entry in LOCAL_MACHINE or CURRENT_USER run entries, or startmenu. Didn't check ActiveX listing.)
I temporally globally disallowed ip 220.127.116.11.
Edited by Partikkeli, 19 December 2013 - 07:46 AM.