Strange files in the Windows 7 temp folder, help
hi
I have noticed some strange files inside c:\Windows\Temp\
called
Code:
c:\Windows\Temp\XYZ1C6.tmp
c:\Windows\Temp\XYZ1C7.tmp
c:\Windows\Temp\XYZ1B4.tmp
c:\Windows\Temp\XYZ1B5.tmp
If I delete them, they appear again after every reboot; I can't understand what program generates them
no updates, just an antivirus, Kaspersky Free, updated
for example they start with
Code:
<xs:schema targetNamespace="http://schemas.microsoft.com/win/2004/08/events" elementFormDefault="qualified" xmlns:man="http://schemas.microsoft.com/win/2004/08/events" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:simpleType name="GUIDType">
    <xs:annotation>
      <xs:documentation>
        A globally unique identifier in Registry format. e.g. {12345678-4321-ABCD-1234-9ABCDEF012345678}. Use GUIDGen.exe or UUIDGen.exe to create a GUID.
      </xs:documentation>
and one file with
Code:
<instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd">
  <metadata name="evt:meta/winTypes">
    <channels>
      <channel name="TraceClassic" type="Debug" symbol="WINEVENT_CHANNEL_CLASSIC_TRACE" value="0" message="$(string.channel.TraceClassic)">
        Events for Classic ETW tracing.
      </channel>
      <channel name="System" type="Admin" symbol="WINEVENT_CHANNEL_GLOBAL_SYSTEM" isolation="System" value="8" message="$(string.channel.System)">
        Events for all installed system services. This channel is secured to applications running under system service accounts or user applications running under local adminstrator privileges.
      </channel>
      <channel name="Application" type="Admin" symbol="WINEVENT_CHANNEL_GLOBAL_APPLICATION" isolation="Application" value="9" message="$(string.channel.Application)">
        Events for all user-level applications. This channel is not secured and open to any applications. Applications which log extensive information should define an application-specific channel.
      </channel>
      <channel name="Security" type="Admin" symbol="WINEVENT_CHANNEL_GLOBAL_SECURITY" isolation="System" value="10" message="$(string.channel.Security)">
        The Windows Audit Log. For exclusive use of the Windows Local Security Authority. User events may appear as audits if supported by the underlying application.
      </channel>
    </channels>
I'm worried. I have scanned with Kaspersky and Malwarebytes, and I can't understand what program(s) generate them
At the beginning I thought about Performance Counters Schema and I have disabled it via
Code:
it could be disabled with cmd as administrator
to disable diskperf -N
to enable diskperf -Y
Can I ask you if you have these files?
and if you know where they come from?
I ran sfc /scannow and chkdsk
the files look like
https://github.com/nihon-tc/Rtest/bl...e/eventman.xsd
thanks
Last edited by drugo; 04 Oct 2023 at 11:45.