If you can't see the port open with operating system tools and you suspect an intrussion it could be that a rootkit has been installed.

The rootkit could have changed systems tools to avoid certain processes and ports or changed kernel modules.

You can check for rootkit with several automated tools. 'apt-cache search rootkit' shows the following in Ubuntu:

chkrootkit - rootkit detector rkhunter - rootkit, backdoor, sniffer and exploit scanner unhide - Forensic tool to find hidden processes and ports

If you happen to have a rootkit you can revert the 'changed' to your system but I recommend that you find out how the intrussion was made and harden the system for it not to repeat.

They are not exclusive to Ubuntu, you can use them in CentOS too. Just look for the package or download it from their page.

By the output from that port it seems you're running pcanywhere indeed: "�Ы� <Enter>" is very similar to "Please press <Enter>" which is pcanywhere welcome message. I don't know why the process doesn't show up in the process list. Are you root?

You can try rebooting to see if it's a one time process running, as well.