Phil97

Thank you, I had posed a similar question at the Microsoft forum and have been informed that this is completely normal behavior in Windows 11. The svchost services I listed are per-user-services, which are run under the logged-in user account: https://learn.microsoft.com/en-us/windows/application-management/per-user-services-in-windows Sorry for any inconvenience I caused

Hello, I have encountered a problem today which leads me to be uncertain about whether or not I have a virus on my PC. Today I got a notification that svchost tried to access a protected folder (\Device\HarddiskVolume3). While researching svchost, I found out that svchost should not be running under the user account and that if it does, it at least indicated a virus infection in the past. There are multiple svchost processes running under my account name. I ran both a full Windows Defender check (after making sure it is up to date) as well as a regular Malwarebytes scan. None of them managed to find anything. VirusTotal also did not pick up anything for the svchost.exe, it is the one in the System32 folder, and the signer is verified. Using Process Explorer, I managed to find out that their services are: CDPUserSvc_8305cab, webthreatdefusersvc_8305cab, WpnUserService_8305cab, cdbhsvc_8305cab, UdkUserSvc_8305cab, NPSMSvc_8305 and finally the following all for one process OneSyncSvc_8305cab, PimIndexMaintenanceSvc_8305cab, UnistoreSvc_8305cab and UserDataSvc_8305cab. I am using Windows 11. Could somebody please tell me what next steps I should take? Is there any way to make sure that there is or isn't malware present? Thank you in advance!