ReadyBoost would make sense indeed, but I never used it.
You're right about removing the TV tuner card; I tested that as one of my first attempts, but the system kept crashing. Moreover, the TV card was plugged in when I had the GPU removed - no crashes in three weeks.
When I tested older driver versions, I DDU-uninstalled the old graphics drivers before.
Alright, this is what I got from today's first crash dump:
Code:
0: kd> !wmitrace.eventlogdump 0x0a
WMI Trace Save: Debugger Extension. LoggerId = 10, Save File = 'C:\Users\Keno\AppData\Local\Temp\wmi826D.tmp'
Logger Id 0x0a @ 0xFFFFBB0629054040 Named 'EventLog-System'
CollectionOn = 1
LoggerMode = 0x10800180 ( secure rt single-str )
HybridShutdown = persist
BufferSize = 64 KB
BuffersAvailable = 2
MinimumBuffers = 2
NumberOfBuffers = 2
MaximumBuffers = 16
EventsLost = 0
LogBuffersLost = 0
RealTimeBuffersLost = 0
LastFlushedBuffer = 0
MaximumFileSize = 100
FlushTimer = 1 sec
LoggerThread = 0xffffbb0629054700 (179 context switches)
PoolType = NonPaged
SequenceNumber = 170
ClockType = SystemTime
EventsLogged = -1
Consumer @ 0xffffbb062d7c5ce0
Buffer Address Cpu RefCnt State
===========================================================================================
Buffer 1: ffffbb0629089000 , 0: 0 Free List , Offset: 592 , 0% Used
Buffer 2: ffffbb0629099000 , 0: 0 Free List , Offset: 400 , 0% Used
Saved 2 Buffers
Querying C:\Users\Keno\AppData\Local\Temp\wmi826D.tmp for all events...
Event 0 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='' Guid='{68fdd900-4a3e-11d1-84f4-0000f80464e3}'/>
<EventID> 0 </EventID>
<Version> 2 </Version>
<Level> 0 </Level>
<Task> 0 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x0 </Keywords>
<TimeCreated SystemTime='2018-09-29T19:48:08.895452000Z'/>
<EventRecordID> 0 </EventRecordID>
<Correlation/>
<Execution ProcessID='0' ThreadID='0' ProcessorID='0' KernelTime='0' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security/>
</System>
<ProcessingErrorData>
<ErrorCode> 15003 </ErrorCode>
<DataItemName> </DataItemName>
<EventPayload> 000001000A000200EE4200000100000000000000000000005A620200000000000100001000000000010000000800000000000000500D00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000993A9582D58D40180969800000000001120ED582D58D40102000000000000004500760065006E0074004C006F0067002D00530079007300740065006D0000004500760065006E0074004C006F0067002D00530079007300740065006D002E00650074006C000000 </EventPayload>
</ProcessingErrorData>
</Event>
TimeCreated SystemTime='2018-09-29T19:48:08.895452000Z'
Publisher name:
Failed to get event format size. Error = 3AB3
Event 1 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='' Guid='{68fdd900-4a3e-11d1-84f4-0000f80464e3}'/>
<EventID> 0 </EventID>
<Version> 2 </Version>
<Level> 0 </Level>
<Task> 0 </Task>
<Opcode> 66 </Opcode>
<Keywords> 0x0 </Keywords>
<TimeCreated SystemTime='2018-09-29T19:48:08.895452100Z'/>
<EventRecordID> 1 </EventRecordID>
<Correlation/>
<Execution ProcessID='4294967295' ThreadID='4294967295' ProcessorID='0' KernelTime='0' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security/>
</System>
<ProcessingErrorData>
<ErrorCode> 15003 </ErrorCode>
<DataItemName> </DataItemName>
<EventPayload> 31373133342E312E616D6436346672652E7273345F72656C656173652E3138303431302D3138303400 </EventPayload>
</ProcessingErrorData>
</Event>
TimeCreated SystemTime='2018-09-29T19:48:08.895452100Z'
Publisher name:
Failed to get event format size. Error = 3AB3
Event 2 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='' Guid='{68fdd900-4a3e-11d1-84f4-0000f80464e3}'/>
<EventID> 0 </EventID>
<Version> 2 </Version>
<Level> 0 </Level>
<Task> 0 </Task>
<Opcode> 66 </Opcode>
<Keywords> 0x0 </Keywords>
<TimeCreated SystemTime='2018-09-29T19:48:08.895452100Z'/>
<EventRecordID> 2 </EventRecordID>
<Correlation/>
<Execution ProcessID='4294967295' ThreadID='4294967295' ProcessorID='0' KernelTime='0' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security/>
</System>
<ProcessingErrorData>
<ErrorCode> 15003 </ErrorCode>
<DataItemName> </DataItemName>
<EventPayload> 31373133342E312E616D6436346672652E7273345F72656C656173652E3138303431302D3138303400 </EventPayload>
</ProcessingErrorData>
</Event>
TimeCreated SystemTime='2018-09-29T19:48:08.895452100Z'
Publisher name:
Failed to get event format size. Error = 3AB3
Event 3 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Service Control Manager'/>
<EventID Qualifiers='16384'> 7045 </EventID>
<Level> 4 </Level>
<Task> 0 </Task>
<Keywords> 0x8080000000000000 </Keywords>
<TimeCreated SystemTime='2018-09-30T09:34:34.862054400Z'/>
<EventRecordID> 3 </EventRecordID>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security UserID='00001A000000120000000000'/>
</System>
<EventData>
<Data> MpKsl3f83dbe8 </Data>
<Data> C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53FAB0A8-7891-4329-A497-67F3FD6AED0C}\MpKsl3f83dbe8.sys </Data>
<Data> Kernelmodustreiber </Data>
<Data> Systemstart </Data>
<Data> </Data>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T09:34:34.862054400Z'
Publisher name: Service Control Manager
Event message:
Im System wurde ein Dienst installiert.
Dienstname: MpKsl3f83dbe8
Dienstdateiname: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53FAB0A8-7891-4329-A497-67F3FD6AED0C}\MpKsl3f83dbe8.sys
Diensttyp: Kernelmodustreiber
Dienststarttyp: Systemstart
Dienstkonto:
==========
Event 4 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-Windows Defender' Guid='{11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}'/>
<EventID> 1001 </EventID>
<Version> 0 </Version>
<Level> 4 </Level>
<Task> 0 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x8000000000000000 </Keywords>
<TimeCreated SystemTime='2018-09-30T09:37:11.713470300Z'/>
<EventRecordID> 4 </EventRecordID>
<Correlation ActivityID='{4E431D95-A3A9-4A2A-ACFF-86ECBDE70914}'/>
<Execution ProcessID='5496' ThreadID='6592' ProcessorID='0' KernelTime='2712' UserTime='6769'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security UserID='S-1-5-18'/>
</System>
<EventData>
<Data Name='Product Name'> %%827 </Data>
<Data Name='Product Version'> 4.18.1809.2 </Data>
<Data Name='Scan ID'> {08D50398-8F31-46D8-863D-8A4075496F70} </Data>
<Data Name='Scan Type Index'> 1 </Data>
<Data Name='Scan Type'> %%802 </Data>
<Data Name='Scan Parameters Index'> 1 </Data>
<Data Name='Scan Parameters'> %%806 </Data>
<Data Name='Domain'> NT-AUTORITÄT </Data>
<Data Name='User'> SYSTEM </Data>
<Data Name='SID'> S-1-5-18 </Data>
<Data Name='Scan Time Hours'> 0 </Data>
<Data Name='Scan Time Minutes'> 05 </Data>
<Data Name='Scan Time Seconds'> 05 </Data>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T09:37:11.713470300Z'
Publisher name: Microsoft-Windows-Windows Defender
Event message:
Die Windows Defender Antivirus-Überprüfung wurde fertig gestellt.
Überprüfungs-ID: {08D50398-8F31-46D8-863D-8A4075496F70}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Überprüfungszeit: 0:05:05
==========
Success all items processed!
This doesn't look too interesting, more like usual Windows Defender stuff:
Event 3 says "a new system service was installed" (looks like a definition update)
Event 4 says "a quick scan was completed successfully"
But this is what I got from the second crash dump (the one with no sleep cycles):
Code:
0: kd> !wmitrace.eventlogdump 0x0a
WMI Trace Save: Debugger Extension. LoggerId = 10, Save File = 'C:\Users\Keno\AppData\Local\Temp\wmi985E.tmp'
Logger Id 0x0a @ 0xFFFF810342814040 Named 'EventLog-System'
CollectionOn = 1
LoggerMode = 0x10800180 ( secure rt single-str )
HybridShutdown = persist
BufferSize = 64 KB
BuffersAvailable = 2
MinimumBuffers = 2
NumberOfBuffers = 2
MaximumBuffers = 16
EventsLost = 0
LogBuffersLost = 0
RealTimeBuffersLost = 0
LastFlushedBuffer = 0
MaximumFileSize = 100
FlushTimer = 1 sec
LoggerThread = 0xffff810342814700 (154 context switches)
PoolType = NonPaged
SequenceNumber = 152
ClockType = SystemTime
EventsLogged = -1
Consumer @ 0xffff810346e83f60
Buffer Address Cpu RefCnt State
===========================================================================================
Buffer 1: ffff810342842000 , 0: 0 Free List , Offset: 1048 , 1% Used
Buffer 2: ffff810342d85000 , 0: 0 Free List , Offset: 656 , 1% Used
Saved 2 Buffers
Querying C:\Users\Keno\AppData\Local\Temp\wmi985E.tmp for all events...
Event 0 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='' Guid='{68fdd900-4a3e-11d1-84f4-0000f80464e3}'/>
<EventID> 0 </EventID>
<Version> 2 </Version>
<Level> 0 </Level>
<Task> 0 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x0 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:05:35.754899500Z'/>
<EventRecordID> 0 </EventRecordID>
<Correlation/>
<Execution ProcessID='0' ThreadID='0' ProcessorID='0' KernelTime='0' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security/>
</System>
<ProcessingErrorData>
<ErrorCode> 15003 </ErrorCode>
<DataItemName> </DataItemName>
<EventPayload> 000001000A000200EE4200000100000000000000000000005A620200000000000100001000000000010000000800000000000000500D00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F3A116CD758D401809698000000000039CC3D6CD758D40102000000000000004500760065006E0074004C006F0067002D00530079007300740065006D0000004500760065006E0074004C006F0067002D00530079007300740065006D002E00650074006C000000 </EventPayload>
</ProcessingErrorData>
</Event>
TimeCreated SystemTime='2018-09-30T16:05:35.754899500Z'
Publisher name:
Failed to get event format size. Error = 3AB3
Event 1 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='' Guid='{68fdd900-4a3e-11d1-84f4-0000f80464e3}'/>
<EventID> 0 </EventID>
<Version> 2 </Version>
<Level> 0 </Level>
<Task> 0 </Task>
<Opcode> 66 </Opcode>
<Keywords> 0x0 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:05:35.754899600Z'/>
<EventRecordID> 1 </EventRecordID>
<Correlation/>
<Execution ProcessID='4294967295' ThreadID='4294967295' ProcessorID='0' KernelTime='0' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security/>
</System>
<ProcessingErrorData>
<ErrorCode> 15003 </ErrorCode>
<DataItemName> </DataItemName>
<EventPayload> 31373133342E312E616D6436346672652E7273345F72656C656173652E3138303431302D3138303400 </EventPayload>
</ProcessingErrorData>
</Event>
TimeCreated SystemTime='2018-09-30T16:05:35.754899600Z'
Publisher name:
Failed to get event format size. Error = 3AB3
Event 2 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='' Guid='{68fdd900-4a3e-11d1-84f4-0000f80464e3}'/>
<EventID> 0 </EventID>
<Version> 2 </Version>
<Level> 0 </Level>
<Task> 0 </Task>
<Opcode> 66 </Opcode>
<Keywords> 0x0 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:05:35.754899600Z'/>
<EventRecordID> 2 </EventRecordID>
<Correlation/>
<Execution ProcessID='4294967295' ThreadID='4294967295' ProcessorID='0' KernelTime='0' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security/>
</System>
<ProcessingErrorData>
<ErrorCode> 15003 </ErrorCode>
<DataItemName> </DataItemName>
<EventPayload> 31373133342E312E616D6436346672652E7273345F72656C656173652E3138303431302D3138303400 </EventPayload>
</ProcessingErrorData>
</Event>
TimeCreated SystemTime='2018-09-30T16:05:35.754899600Z'
Publisher name:
Failed to get event format size. Error = 3AB3
Event 3 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-SMBClient' Guid='{988c59c5-0a1c-45b6-a555-0c62276e327d}'/>
<EventID> 30813 </EventID>
<Version> 0 </Version>
<Level> 4 </Level>
<Task> 0 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x400000000000040 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:48:30.686626300Z'/>
<EventRecordID> 3 </EventRecordID>
<Correlation/>
<Execution ProcessID='4' ThreadID='3896' ProcessorID='0' KernelTime='5' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security UserID='S-1-5-18'/>
</System>
<EventData>
<Data Name='ServerNameLength'> 58 </Data>
<Data Name='ServerName'> \Device\NetBT_Tcpip_{8021CD4F-6CDB-47B1-ACAC-62054DDCCD50} </Data>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T16:48:30.686626300Z'
Publisher name: Microsoft-Windows-SMBClient
Event message:
Eine TDI-Transportschnittstelle wurde gelöscht.
Name: \Device\NetBT_Tcpip_{8021CD4F-6CDB-47B1-ACAC-62054DDCCD50}
Erläuterung:
Eine TDI (NetBIOS)-Bindung wurde auf dem angegebenen Netzwerkadapter für den SMB-Client entfernt. Dieses Ereignis tritt auf, wenn ein Computer heruntergefahren wird oder wenn ein zuvor aktivierter Netzwerkadapter deaktiviert wird. Es ist keine Benutzeraktion erforderlich.
==========
Event 4 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-SMBServer' Guid='{d48ce617-33a2-4bc3-a5c7-11aa4f29619e}'/>
<EventID> 1011 </EventID>
<Version> 0 </Version>
<Level> 4 </Level>
<Task> 1011 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x2000000000000008 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:48:30.687496200Z'/>
<EventRecordID> 4 </EventRecordID>
<Correlation/>
<Execution ProcessID='4' ThreadID='8080' ProcessorID='0' KernelTime='1' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security UserID='S-1-5-18'/>
</System>
<UserData>
<EventData xmlns='Smb2Namespace'>
<NameLength> 0 </NameLength>
<Name> </Name>
<DomainNameLength> 0 </DomainNameLength>
<DomainName> </DomainName>
<TransportNameLength> 58 </TransportNameLength>
<TransportName> \Device\NetBT_Tcpip_{8021CD4F-6CDB-47B1-ACAC-62054DDCCD50} </TransportName>
</EventData>
</UserData>
</Event>
TimeCreated SystemTime='2018-09-30T16:48:30.687496200Z'
Publisher name: Microsoft-Windows-SMBServer
Event message:
Ein Endpunkt wurde entfernt.
Name:
Domänenname:
Transportname: \Device\NetBT_Tcpip_{8021CD4F-6CDB-47B1-ACAC-62054DDCCD50}
Erläuterung:
Dieser Fehler kann auftreten, wenn der Server die Überwachung einer Schnittstelle beendet, wie beispielsweise beim Herunterfahren oder beim Deaktivieren eines Netzwerkadapters. Es ist keine Benutzeraktion erforderlich.
==========
Event 5 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-SMBClient' Guid='{988c59c5-0a1c-45b6-a555-0c62276e327d}'/>
<EventID> 30810 </EventID>
<Version> 0 </Version>
<Level> 4 </Level>
<Task> 0 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x400000000000040 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:48:30.782256800Z'/>
<EventRecordID> 5 </EventRecordID>
<Correlation/>
<Execution ProcessID='4' ThreadID='232' ProcessorID='0' KernelTime='136' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security UserID='S-1-5-18'/>
</System>
<EventData>
<Data Name='NameLength'> 8 </Data>
<Data Name='Name'> Ethernet </Data>
<Data Name='IfIndex'> 9 </Data>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T16:48:30.782256800Z'
Publisher name: Microsoft-Windows-SMBClient
Event message:
Eine TCP/IP-Transportschnittstelle wurde hinzugefügt.
Name: Ethernet
InterfaceIndex: 0x9
Erläuterung:
Eine TCP/IP-Bindung wurde dem angegebenen Netzwerknetwork für den SMB-Client hinzugefügt. Der SMB-Client kann nun SMB-Datenverkehr auf diesem Netzwerkadapter mithilfe von TCP/IP senden und empfangen. Dieses Ereignis tritt auf, wenn ein Computer neu gestartet wird oder wenn ein zuvor deaktivierter Netzwerkadapter erneut aktiviert wird. Es ist keine Benutzeraktion erforderlich.
==========
Event 6 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-SMBClient' Guid='{988c59c5-0a1c-45b6-a555-0c62276e327d}'/>
<EventID> 30810 </EventID>
<Version> 0 </Version>
<Level> 4 </Level>
<Task> 0 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x400000000000040 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:48:30.790154700Z'/>
<EventRecordID> 6 </EventRecordID>
<Correlation/>
<Execution ProcessID='4' ThreadID='232' ProcessorID='0' KernelTime='136' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security UserID='S-1-5-18'/>
</System>
<EventData>
<Data Name='NameLength'> 8 </Data>
<Data Name='Name'> Ethernet </Data>
<Data Name='IfIndex'> 9 </Data>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T16:48:30.790154700Z'
Publisher name: Microsoft-Windows-SMBClient
Event message:
Eine TCP/IP-Transportschnittstelle wurde hinzugefügt.
Name: Ethernet
InterfaceIndex: 0x9
Erläuterung:
Eine TCP/IP-Bindung wurde dem angegebenen Netzwerknetwork für den SMB-Client hinzugefügt. Der SMB-Client kann nun SMB-Datenverkehr auf diesem Netzwerkadapter mithilfe von TCP/IP senden und empfangen. Dieses Ereignis tritt auf, wenn ein Computer neu gestartet wird oder wenn ein zuvor deaktivierter Netzwerkadapter erneut aktiviert wird. Es ist keine Benutzeraktion erforderlich.
==========
Event 7 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-DNS-Client' Guid='{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}'/>
<EventID> 1014 </EventID>
<Version> 0 </Version>
<Level> 3 </Level>
<Task> 1014 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x4000000010000000 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:48:31.612251800Z'/>
<EventRecordID> 7 </EventRecordID>
<Correlation/>
<Execution ProcessID='548' ThreadID='10764' ProcessorID='0' KernelTime='8' UserTime='2'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security UserID='S-1-5-20'/>
</System>
<EventData>
<Data Name='QueryName'> www.apple.com </Data>
<Data Name='AddressLength'> 128 </Data>
<Data Name='Address'> 02000000C0A8B201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 </Data>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T16:48:31.612251800Z'
Publisher name: Microsoft-Windows-DNS-Client
Event message:
Zeitüberschreitung bei der Namensauflösung für den Namen www.apple.com, nachdem keiner der konfigurierten DNS-Server geantwortet hat.
==========
Event 8 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-NDIS' Guid='{cdead503-17f5-4a3e-b7ae-df8cc2902eb9}'/>
<EventID> 10400 </EventID>
<Version> 0 </Version>
<Level> 3 </Level>
<Task> 0 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x2000000000000000 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:48:29.618967500Z'/>
<EventRecordID> 8 </EventRecordID>
<Correlation ActivityID='{8021CD4F-6CDB-47B1-ACAC-62054DDCCD50}'/>
<Execution ProcessID='4' ThreadID='7092' ProcessorID='0' KernelTime='129' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security/>
</System>
<EventData>
<Data Name='IfGuid'> {8021CD4F-6CDB-47B1-ACAC-62054DDCCD50} </Data>
<Data Name='IfIndex'> 9 </Data>
<Data Name='IfLuid'> 1689399632855040 </Data>
<Data Name='AdapterName'> Intel(R) Ethernet Connection (2) I219-V </Data>
<Data Name='ResetReason'> 2 </Data>
<Data Name='ResetCount'> 3 </Data>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T16:48:29.618967500Z'
Publisher name: Microsoft-Windows-NDIS
Event message:
Für die Netzwerkschnittstelle Intel(R) Ethernet Connection (2) I219-V wurde ein Zurücksetzungsvorgang eingeleitet. Während die Hardware zurückgesetzt wird, sind Netzwerkverbindungen vorübergehend unterbrochen. Ursache: The network driver detected that its hardware has stopped responding to commands. Diese Netzwerkschnittstelle wurde seit der letzten Initialisierung 3 Mal zurückgesetzt.
==========
Event 9 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='e1dexpress'/>
<EventID Qualifiers='40964'> 27 </EventID>
<Level> 3 </Level>
<Task> 0 </Task>
<Keywords> 0x80000000000000 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:48:29.618833600Z'/>
<EventRecordID> 9 </EventRecordID>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security/>
</System>
<EventData>
<Data> </Data>
<Data> Intel(R) Ethernet Connection (2) I219-V </Data>
<Binary> 0000040002003000000000001B0004A00000000000000000000000000000000000000000000000001B0004A0 </Binary>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T16:48:29.618833600Z'
Publisher name: e1dexpress
Event message:
Intel(R) Ethernet Connection (2) I219-V
Netzwerkverbindung wurde unterbrochen.
==========
Event 10 :
============
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-SMBClient' Guid='{988c59c5-0a1c-45b6-a555-0c62276e327d}'/>
<EventID> 30810 </EventID>
<Version> 0 </Version>
<Level> 4 </Level>
<Task> 0 </Task>
<Opcode> 0 </Opcode>
<Keywords> 0x400000000000040 </Keywords>
<TimeCreated SystemTime='2018-09-30T16:48:29.622348900Z'/>
<EventRecordID> 10 </EventRecordID>
<Correlation/>
<Execution ProcessID='4' ThreadID='232' ProcessorID='0' KernelTime='136' UserTime='0'/>
<Channel> </Channel>
<Computer> Keno-PC </Computer>
<Security UserID='S-1-5-18'/>
</System>
<EventData>
<Data Name='NameLength'> 8 </Data>
<Data Name='Name'> Ethernet </Data>
<Data Name='IfIndex'> 9 </Data>
</EventData>
</Event>
TimeCreated SystemTime='2018-09-30T16:48:29.622348900Z'
Publisher name: Microsoft-Windows-SMBClient
Event message:
Eine TCP/IP-Transportschnittstelle wurde hinzugefügt.
Name: Ethernet
InterfaceIndex: 0x9
Erläuterung:
Eine TCP/IP-Bindung wurde dem angegebenen Netzwerknetwork für den SMB-Client hinzugefügt. Der SMB-Client kann nun SMB-Datenverkehr auf diesem Netzwerkadapter mithilfe von TCP/IP senden und empfangen. Dieses Ereignis tritt auf, wenn ein Computer neu gestartet wird oder wenn ein zuvor deaktivierter Netzwerkadapter erneut aktiviert wird. Es ist keine Benutzeraktion erforderlich.
==========
Success all items processed!
We have multiple network-related events. I think we can leave out the SMB stuff, what's left is:
Event 7: Timeout in the DNS system while resolving
www.apple.com
Event 8: The network interface Intel bla bla has been reset. (english part: ...because the hardware stopped responding...) The connection was reset 3 times since initialization.
Event 9: Network connection interrupted
Might be interesting, but there was no network related stuff in the first dump. Does this make any sense to you?