strange files in the windows 7 temp folder ,help

hi
I have noticed some strange files inside c:\Windows\Temp\

called

Code:

c:\Windows\Temp\XYZ1C6.tmpc:\Windows\Temp\XYZ1C7.tmpc:\Windows\Temp\XYZ1B4.tmpc:\Windows\Temp\XYZ1B5.tmp

if i delete them , they did appear after every reboot , can't understand what progra does generate them
no updated , just an antivirus Kaspersky free updated
for example they start with

Code:

<xs:schema targetNamespace="http://schemas.microsoft.com/win/2004/08/events" elementFormDefault="qualified" xmlns:man="http://schemas.microsoft.com/win/2004/08/events" xmlns:xs="http://www.w3.org/2001/XMLSchema">  <xs:simpleType name="GUIDType">    <xs:annotation>      <xs:documentation>        A globally unique identifier in Registry format.        e.g. {12345678-4321-ABCD-1234-9ABCDEF012345678}.        Use GUIDGen.exe or UUIDGen.exe to create a GUID.      </xs:documentation>

and one file with

Code:

<instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd">    <metadata name="evt:meta/winTypes">        <channels>            <channel name="TraceClassic" type="Debug" symbol="WINEVENT_CHANNEL_CLASSIC_TRACE" value="0" message="$(string.channel.TraceClassic)">              Events for Classic ETW tracing.            </channel>            <channel name="System" type="Admin" symbol="WINEVENT_CHANNEL_GLOBAL_SYSTEM" isolation="System" value="8" message="$(string.channel.System)">              Events for all installed system services.  This channel is secured to applications running under              system service accounts or user applications running under local adminstrator privileges.            </channel>            <channel name="Application" type="Admin" symbol="WINEVENT_CHANNEL_GLOBAL_APPLICATION" isolation="Application" value="9" message="$(string.channel.Application)">              Events for all user-level applications.  This channel is not secured and open to any applications.              Applications which log extensive information should define an application-specific channel.            </channel>            <channel name="Security" type="Admin" symbol="WINEVENT_CHANNEL_GLOBAL_SECURITY" isolation="System" value="10" message="$(string.channel.Security)">              The Windows Audit Log.  For exclusive use of the Windows Local Security Authority.  User events              may appear as audits if supported by the underlying application.            </channel>        </channels>

i'm worried , i have scanned with kaspersky and malwarebyte , I can't understand what program/s does or do generate them
at the beginning i tought about Performance Counters Schema and i have disabled via

Code:

it could be disabled with cmd as administratorto disable diskperf -Nto enable diskperf -Y

can I ask you if you have these files?
and if you know from where do they come?
runned sfc /scannow , chkdsk

the files do look like
https://github.com/nihon-tc/Rtest/bl...e/eventman.xsd
thanks

torchwood said:

i highly suggest you shootover to Bleepingcomputers, malware section...
follow the links here

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Help

hi
but kaspersky and malwarebyte did find nothing
it's all clear
and these files are temp file , i have opened with notepad and are text file
thanks