Task: {87163D6F-CC41-4859-AE99-D6EE238706C1} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {912EB24A-76FF-42D7-A853-3AF9E7560D28} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {C2B8FF53-BBF5-43DE-B40A-280999B7180E} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {EA969B2B-5050-4AB1-B256-F00047F13E5D} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: