Task: {4070DDBB-F7EE-4EF8-A36C-4171AFBEA1B9} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {C3D9E364-7279-4459-9BAB-9824D81E1BD8} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {F76C3338-9187-43E4-BC3B-30BF7DAF5E33} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {BD63D88A-25FC-440E-A3C1-771025144BF3} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
File: C:\Windows\System32\winlogui.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Unlock: C:\WINDOWS\system32\sysmain.dll
FILE: C:\WINDOWS\system32\sysmain.dll
FILE: C:\Windows\System32\winscomrssrv.dll
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: