
Hacking/Netstat

Discussion in 'Security and Privacy' started by reallysubtle, 2012/04/04.

  1. 2012/04/04
    reallysubtle

    reallysubtle Inactive Thread Starter

    Joined:
    2012/01/02
    Messages:
    16
    Likes Received:
    0
    If someone was inside your computer and you did "Netstat -Ano" or whatever, regardless of how they got in, their IP address would be showing using a random port?
     
  2. 2012/04/07
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    netstat -a is enough to show the IP and ports.

    The port may not be a random port. One can connect using the Remote Desktop Protocol, which by default uses port 3389.

    One can also connect using other assigned protocols and their ports.
     

  4. 2012/04/12
    reallysubtle Inactive Thread Starter
    Could they connect through a random program? Like, I look at my connections when I type in netstat -a and the only thing established is when I open up Firefox and those IP addresses and Avast. Could they connect through either one?

    Also, when I do Netstat -Ano it shows me the PID; when I do netstat -A I just see my computer sign-in name along with a bunch of five-digit numbers.

    When I do netstat -ano I only see IP addresses established for the PID firefox/avast.
     
    Last edited: 2012/04/12
  5. 2012/04/12
    TonyT SuperGeek Staff
    When you see established connections by Firefox, you are viewing connections to and from the server it made requests to, i.e. the Web server that sends the requested Web page(s) and its content (images, ads, text, etc).

    You may even see multiple IP addresses for Firefox because a Web page can contain content that comes from multiple Web servers.

    Those are opened connections and only you can cause the connection by requesting content (by opening Firefox or clicking on a link).

    The connections made by Avast are specifically for updating definitions, updating the program or sending reports to Avast servers.

    Again, those Avast connections are initiated by you or are set as automatic per your Avast settings.

    If you connect to the Internet using a router, then nobody can connect to your computer unless you first allow them to connect. The exceptions are if you have software that "listens" for connections, such as messenger programs, Skype, etc., or if you have a trojan infection that is awaiting connections from some criminal.

    If you do a netstat and don't see any opened TCP ports then you are most likely safe.
     
  6. 2012/04/12
    reallysubtle Inactive Thread Starter
    Gotcha, I've been doing netstat checks every few hours. Is that a right way to check, though? By looking at the PID of the established connections? Same thing? If it was a hacker that got inside my computer, it'd be a port PID to a strange program or something I didn't open?

    Thank you very much for the help.
     
  7. 2012/04/12
    TonyT SuperGeek Staff
    Yes, the key is "something I did not open or execute."

    However...

    If a hacker got in, it would likely be via a backdoor trojan or similar malware. The PID won't necessarily clue you as to what's going on because some malware will open an iexplore process (Internet Explorer) to communicate to its botnet server, or you may see a PID associated with rundll.exe, which is used to load a hidden executable and it might not have a name.

    The best way to be sure you are hacker free is to use a decent antivirus as well as a couple of antimalware programs like Malwarebytes Anti-Malware and SUPERAntiSpyware.
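
Added example (not part of any post in this thread): a Python version of the check discussed above. It parses `netstat -ano` output, lists TCP listeners reachable from the network, and flags established connections owned by a process the user did not open. The sample output, the PID-to-name map and the expected-process set are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:12025        0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.20:49231     203.0.113.10:80        ESTABLISHED     3344
  TCP    192.168.1.20:49240     198.51.100.7:443       ESTABLISHED     1620
  TCP    192.168.1.20:49255     198.51.100.99:8080     ESTABLISHED     2760
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:5355           *:*                                    1100
"""

# Constructed PID-to-image map, as one might read it from `tasklist` (assumption).
PROCS = {884: "svchost.exe", 1204: "svchost.exe", 1620: "AvastSvc.exe",
         3344: "firefox.exe", 2760: "rundll32.exe", 1100: "svchost.exe"}

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, header and blank lines
        state = f[3] if len(f) == 5 else ""
        host, _, port = f[1].rpartition(":")  # rpartition copes with [::]:135
        yield {"proto": f[0], "local": host, "lport": int(port),
               "remote": f[2], "state": state, "pid": int(f[-1])}

def exposed_listeners(rows):
    """(port, pid) of TCP listeners bound to a non-loopback address."""
    return sorted({(r["lport"], r["pid"]) for r in rows
                   if r["state"] == "LISTENING"
                   and r["local"] not in ("127.0.0.1", "[::1]")})

def unexpected_established(rows, procs, expected):
    """Established connections whose owning image is not in `expected`."""
    # `expected` holds lower-case image names the user knowingly started.
    return [(r["remote"], r["pid"], procs.get(r["pid"], "?")) for r in rows
            if r["state"] == "ESTABLISHED"
            and procs.get(r["pid"], "?").lower() not in expected]

if __name__ == "__main__":
    rows = list(parse_netstat(SAMPLE))
    print("exposed listeners:", exposed_listeners(rows))
    print("review:", unexpected_established(rows, PROCS, {"firefox.exe", "avastsvc.exe"}))
```

As the replies point out, a familiar image name or an empty result does not prove the machine is clean, since malware can run under a trusted process and a rootkit can hide rows from netstat itself.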
     
  8. 2012/04/12
    SpywareDr

    SpywareDr SuperGeek WindowsBBS Team Member

    Joined:
    2005/12/31
    Messages:
    3,752
    Likes Received:
    338

    The Operating System can also be altered to hide pretty much whatever the 'hacker' wants hidden. (Rootkit)
     
