Ksnapshot.etl is what?? o_O

As title says. I am curious what this happens to be, since when searching all over the place no intelligent response is ever given, nor do people have a clue what it is.

So why ask here? Isn’t it obvious? If the question is posed a number of places and nobody knows what it is, that would make anyone curious if it is a virus.

Having nothing to do with “Punkbuster”, does anyone have a clue what this does and its correlating folders??

Location:
Windows/System32/WDI

You can google that and find it after a large string of numbers and letters. So it seems to be logging something at random times.

Edit:
Trying to scan these with both avast and malwarebytes, both seem to say it won’t scan the folders. Anyone else have this going on?
It seems to trigger the “ksnapshot.etl” when shutting the machine down.

Ksnapshot is a KDE desktop application for Linux systems, works like printscreen. http://www.kde.org/applications/graphics/ksnapshot/

Interesting. That I did not find. But I did forget to mention it is a windows based OS and KDE software wouldn’t apply. Thank you anyway.

I did find out that it seems to be a Windows Diagnostic Infrastructure. So it is most likely not viral. But it still makes me suspicious of what it takes a snapshot of. If anyone has this information, that would be great to know what one of my machines is doing.

I thought of asking around in microsoft forums…but doing that is far more time wasting than asking people around here, that may actually know more anyway.

Would appreciate it if anyone knows more than I have found on this topic.


I don’t think you mentioned the OS - is it Vista?

Anyway, a quick search with Bing found this - http://www.geoffchappell.com/notes/windows/wdi/index.htm - for Windows/System32/WDI

The Windows Diagnostics Infrastructure (WDI) is new to Windows Vista. Though it is called an infrastructure, it is actually built over another feature, Event Tracing for Windows (ETW). In its use of interfaces, formally defined even if undocumented, it does nothing that could not be coded by non-Microsoft programmers using the kernel-mode ETW functions or the corresponding user-mode functions in ADVAPI32 or NTDLL. Yet much WDI functionality is coded in the kernel itself, which is not something that non-Microsoft programmers could arrange for an alternative package of diagnostics tools.

There is much more to read at the above link.

ksnapshot.etl is most likely taking a snapshot of the system for WDI.
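An added example, not part of this thread or of Geoff Chappell's notes: rather than guessing what the "snapshot" holds, read the .etl file itself. Since WDI is layered over ETW, ksnapshot.etl is an ordinary ETW trace log and Get-WinEvent can parse it. The script assumes an elevated PowerShell session on Vista or later; the GUID-named subfolder and the ETW provider names are not hard-coded because the thread does not give them, so the file is located by name.

```powershell
# Added example (not from the thread): inspect the WDI trace logs described above.
# Assumption: run from an elevated PowerShell prompt; the WDI folders are normally
# readable only by Administrators/SYSTEM, which the ACL check in step 1 confirms.

$wdiRoot = Join-Path $env:SystemRoot 'System32\WDI'

# 1. Who may read the folder? A restrictive ACL explains why a user-mode scanner
#    reports that it cannot scan these folders; it is not evidence of malware.
Get-Acl -Path $wdiRoot | Select-Object -ExpandProperty Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# 2. Find ksnapshot.etl under the GUID-named subfolder (the GUID differs per
#    machine, so it is not hard-coded here). Take the most recently written copy.
$snapshot = Get-ChildItem -Path $wdiRoot -Recurse -Filter 'ksnapshot.etl' -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1

if (-not $snapshot) {
    Write-Warning "ksnapshot.etl not found under $wdiRoot"
    return
}
"{0}  {1:N0} bytes  last written {2}" -f $snapshot.FullName, $snapshot.Length, $snapshot.LastWriteTime

# 3. Parse the ETL. -Oldest is mandatory for .etl input and returns events in
#    chronological order. Grouping by ProviderName shows which ETW providers
#    wrote the log, which is the real answer to "what does it snapshot?".
$events = @(Get-WinEvent -Path $snapshot.FullName -Oldest -ErrorAction Stop)
$events | Group-Object ProviderName | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 4. Time window the log covers; the thread notes it is written at shutdown,
#    so expect the last event to sit at the end of a session.
if ($events.Count -gt 0) {
    "First event: {0}" -f $events[0].TimeCreated
    "Last event:  {0}" -f $events[-1].TimeCreated
}

# 5. A handful of decoded events with their message text. Message may be empty
#    for providers whose manifest is not registered on this machine.
$events | Select-Object -First 10 TimeCreated, ProviderName, Id, Message | Format-List
```

If Get-WinEvent cannot decode a trace, the built-in tracerpt tool gives a second opinion: `tracerpt <path-to-ksnapshot.etl> -o report.xml -of XML` writes every event, decoded or not, to an XML report you can read offline. Either way, a log whose events all come from Microsoft-Windows-* diagnostic providers and whose file sits under an Administrators/SYSTEM-only ACL matches the WDI explanation given above, which is the check to run before treating the file as suspicious.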