In my customer's system, we have some defunct processes. Owner userid of most of them are 0000104. This userid is not existing. It seems that user tried to change user. I have made a little search in web and they all say that there should be other zones and that user may be in one of them, but we don't have any zones rather than the global one. Who may this userid be? Why did it try to change user? Customer want to learn this because of security reasons.
This project file may be the case, I'll work on it with the customer, thanks.
About the zombie processes, yes we're aware of that these processes are not a security threat NOW. But when they were not zombies yet, a user that we don't know tried to do some operations. That's why we're investigating.