Probably you already know this, but for some that don't, this is quite a nice piece of code that can be run via cmd to list all system services and look for DLLs that are loaded from suspicious locations.
Proper location ("legal" DLL): C:\windows\system32
Run cmd with elevated privileges:
powershell -command "Get-ItemProperty hklm:\SYSTEM\ControlSet001\Services\*\Parameters | ? { $_.servicedll } | select psparentpath, servicedll"
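An expanded form of the one-liner in the post above, as an added example that is not part of the original thread: it reads the same registry path, expands each ServiceDll value, and reports only entries that resolve outside C:\Windows\System32, point to a missing file, or lack a valid Authenticode signature. The variable names and the report layout are assumptions made for this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$servicesKey = 'HKLM:\SYSTEM\ControlSet001\Services\*\Parameters'   # same path as the one-liner in the post
$system32    = (Join-Path $env:SystemRoot 'System32') + '\'

$entries = Get-ItemProperty -Path $servicesKey -ErrorAction SilentlyContinue |
    Where-Object { $_.ServiceDll }

$report = foreach ($entry in $entries) {
    # ServiceDll is usually REG_EXPAND_SZ (%SystemRoot%\System32\...); expand it and strip quotes
    $path = [Environment]::ExpandEnvironmentVariables([string]$entry.ServiceDll).Trim().Trim('"')
    # Normalise ..\ segments so a path cannot merely look like it starts in System32
    try { $path = [IO.Path]::GetFullPath($path) } catch { }

    $exists    = Test-Path -LiteralPath $path -PathType Leaf
    $inSys32   = $path.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
    $sigStatus = 'FileMissing'
    $signer    = $null
    if ($exists) {
        $sig       = Get-AuthenticodeSignature -LiteralPath $path
        $sigStatus = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    # Collect every reason this entry deserves a second look
    $reasons = @()
    if (-not $inSys32) { $reasons += 'outside System32' }
    if (-not $exists)  { $reasons += 'file missing' }
    elseif ($sigStatus -ne 'Valid') { $reasons += "signature: $sigStatus" }

    [pscustomobject]@{
        Service    = ($entry.PSParentPath -split '\\')[-1]   # last key segment = service name
        ServiceDll = $path
        Signer     = $signer
        Reasons    = $reasons -join '; '
    }
}

# Show only the entries with at least one reason attached
$report | Where-Object { $_.Reasons } | Sort-Object Service | Format-List
```

Legitimately installed third-party services can register a ServiceDll outside System32, so each reported entry is something to review by signer and path rather than a verdict.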
Yes, but this is just a short piece of code, it can't do magic. I found it online and tested it to some extent.
Show hidden and superhidden would help:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t REG_DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /t REG_DWORD /d 0 /f
but not if there was an intention of hiding it via, say, a "service" or "programme" or "policy". Seeking it from inside the OS is not ideal; I would boot into an external OS, preferably a "separated" OS, then list DLLs, for instance a Linux write-protected USB (lol).
Something like the NoVirusThanks tools to monitor DLLs would be better, mainly the DLL Explorer v1.2; they focus on this a lot via other programs: https://www.novirusthanks.org/download-free-software/
Can listed "illegal" dlls be detected by https://www.wilderssecurity.com/threads/threatinvestigator.436893/page-2