Forum Discussion
claynz
Feb 03, 2024, Copper Contributor
Windows 10 Security Breach, How?
Hi Team
Around 3am this morning I noticed my computer at the login prompt screen, which it has never done before, so I went to log in with my password and it was rejected; I tried a few times without success.
Then I noticed someone typing my account name in the password box, yes, I saw the letters being typed and no password masking ********
So I then switched the computer off, rebooted into the recovery console, applied a restore point from the other day, restarted and logged in fine. But in the Downloads folder there were 2 files downloaded 30 mins ago called AnyDesk.exe and gcapi.dll. I then ran a scan on the system and it found 3 registry entries and a file:
Registry Key: 3
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Firefox Default Browser Agent 7743CA9CB8B798ED, Quarantined, 12828, 1218032, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5B8F8578-E984-4729-B99B-39363F3C65B8}, Quarantined, 12828, 1218032, , , , , ,
Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{5B8F8578-E984-4729-B99B-39363F3C65B8}, Quarantined, 12828, 1218032, , , , , ,
File: 1
Trojan.SmokeLoader.TSK, C:\WINDOWS\SYSTEM32\TASKS\Firefox Default Browser Agent 7743CA9CB8B798ED, Quarantined, 12828, 1218032, 1.0.80470, , ame, , E637D6F45411522DB1BD7B3926BFE0F4, 0948A75BFF970254463488A9F69FD91A19165B876D7B7DFD9DC2C554C1516B32
Not sure if it's related.
Can someone explain how this happened and how to stop it happening again?
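The scan output above shows the classic shape of scheduled-task persistence: a task named to look like Firefox's genuine "Firefox Default Browser Agent" task, registered with a logon trigger (the TaskCache\Logon entry) so it runs every time someone signs in, alongside a remote-access tool dropped into Downloads. The script below is an added triage example written for this thread; it is not from the original poster, the replies, or Microsoft. It assumes the genuine Firefox task is registered under the \Mozilla\ task folder and runs default-browser-agent.exe from the Firefox install directory (assumption, not stated on the page), and it constructs its own "recent download" window. It flags any lookalike task whose folder, executable, or Authenticode signature does not match that expectation, lists each task's trigger types, and hashes recently created files in Downloads so they can be checked against the values the scanner reported. Run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example: triage scheduled-task persistence and recent downloads.
# Not code from the thread or from Microsoft. Assumptions are marked below.

# Assumption: the real Firefox task lives in the \Mozilla\ folder and launches
# default-browser-agent.exe from the Firefox program directory.
$expectedFolder = '\Mozilla\'
$expectedExe    = 'default-browser-agent.exe'

function Get-SuspiciousBrowserAgentTask {
    Get-ScheduledTask |
      Where-Object { $_.TaskName -like 'Firefox Default Browser Agent*' } |
      ForEach-Object {
        $task = $_
        $info = $task | Get-ScheduledTaskInfo
        # Trigger CIM class names, e.g. MSFT_TaskLogonTrigger for a logon trigger
        $triggers = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join ', '
        foreach ($action in $task.Actions) {
            $exe     = $action.Execute          # program the task launches
            $reasons = @()
            if ($task.TaskPath -ne $expectedFolder) {
                $reasons += "registered in '$($task.TaskPath)' instead of $expectedFolder"
            }
            if (-not $exe -or ([IO.Path]::GetFileName($exe) -ne $expectedExe)) {
                $reasons += "action runs '$exe' instead of $expectedExe"
            }
            # Strip quotes and expand %VARS% before touching the file on disk
            $resolved = [Environment]::ExpandEnvironmentVariables(($exe -replace '"', ''))
            $hash = $null
            if ($resolved -and (Test-Path -LiteralPath $resolved)) {
                $sig = Get-AuthenticodeSignature -FilePath $resolved
                if ($sig.Status -ne 'Valid') {
                    $reasons += "binary is not validly signed ($($sig.Status))"
                }
                $hash = (Get-FileHash -LiteralPath $resolved -Algorithm SHA256).Hash
            } else {
                $reasons += 'action target does not exist on disk'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Triggers  = $triggers
                    Execute   = $exe
                    Arguments = $action.Arguments
                    LastRun   = $info.LastRunTime
                    NextRun   = $info.NextRunTime
                    SHA256    = $hash
                    Reasons   = ($reasons -join '; ')
                }
            }
        }
      }
}

function Get-RecentDownload {
    # Constructed window: files created in Downloads within the last N hours
    param([int]$Hours = 24)
    $cutoff = (Get-Date).AddHours(-$Hours)
    Get-ChildItem -LiteralPath (Join-Path $env:USERPROFILE 'Downloads') -File |
      Where-Object { $_.CreationTime -ge $cutoff } |
      ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Name      = $_.Name
            Created   = $_.CreationTime
            SizeKB    = [math]::Round($_.Length / 1KB, 1)
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Compare against the hash values the scanner reported
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
      }
}

'== Lookalike Firefox agent tasks =='
Get-SuspiciousBrowserAgentTask | Format-List
'== Files created in Downloads in the last 24 hours =='
Get-RecentDownload -Hours 24 | Format-Table -AutoSize
```

The task flagged in the scan sat at the root of the task tree rather than in a vendor folder and had a logon trigger, which is exactly the combination the first function reports. If the script finds a matching task after cleanup, unregister it with Unregister-ScheduledTask and treat the machine as compromised rather than merely cleaned: a restore point does not undo credentials or access the intruder may already have, so change the account password from a different device and check for any new local accounts or remote-access software you did not install.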
2 Replies
- golf_77, Copper Contributor
I too had this occur yesterday and while I know quite a bit of tech, I haven't been able to find the source of the breach in the last 24 hrs (and only a bit of time of the day I could dedicate to it.) Unfortunately, it can be complicated by the same things that, hypothetically, add convenience.
- Reza_Ameri, Silver Contributor
It is hard to say what happened with the information you shared and it needs more investigation.
Have you installed any suspicious program recently?
Did you check for Windows Update and install all updates?
Did you use Microsoft Defender to perform scan?