Open ports...getting hacked?

[Simulate030]

Hey all (I'm kinda embarrassed to be posting so many topics so quickly asking for help, but these are some issues I've been having for a while and may be serious... but this is probably my last problem topic for a while )

Here goes... a few days ago, I was suspecting that I had a trojan or was being hacked. I turned off my Internet for a few minutes and checked ZoneAlarm, and it reported that SVCHOST.exe (Generic host for win32 processes, i think?) was trying to access 2 ports... 5000 and 1026. So I closed these ports.

A few days later, I repeated the same thing, but this time SVCHOST.exe was trying to access port 1027, and had a hand on the icon... I believe this means Sharing, if I'm not mistaken. Closed this as well. I haven't been able to see what IP it's trying to access or anything along those lines... not sure how to find out, but it might be pretty useful to solve this.

Now I blocked ports 1020-1029 (don't know if it'll do anything as I'm not really an expert) for this service... I have ZAP enabled to let SVCHOST access the internet (no programs can access the internet unless this is done), but I had no idea all of these ports would be opened... actually, I don't know much about the service, but I'm pretty confused right now. I have a feeling this is something malicious, not just a normal port, especially because of the sharing icon.

And, can a hacker use ANY port to get in?

What do you guys think, what should I do?

Thanks a lot, guys.

[Simulate030]

Also, once when I shut down my comp it stopped to end some program called 'shouldnt see me'... no file name, just that title. Couldn't find it, either..

*sigh*

[Paft]

SCVHOST is a good program. It's a nice, docile program that Windows needs to use. And it ups the IP because it's a trail/failure method to make sure that it is able to access the internet.

Now that 'shouldn't see me' thing is wierd. PM me with your IP so I can run nmap and see if anything's open that really shouldn't be?