Atitit.木马病毒自动启动-------------win7计划任务的管理

、SchTasks.exe 取代了包含在 Windows 早期版本中的工具 At.exe。XP、Vista、Windows7、Windows2003/2008等系统中均可以使用。

2. Win本身的系统计划任务列表

2.1. 计划任务列表管理gui版本 %windir%system32 askschd.msc /s

2.2. 计划任务列表管理cli版本

作者:: 绰号:老哇的爪子（全名：：Attilax Akbar Al Rapanui 阿提拉克斯阿克巴阿尔拉帕努伊）汉字名：艾龙， EMAIL:1466519819@qq.com

转载请注明来源： http://www.cnblogs.com/attilax/

3. 360的列表接口ui

4. task Scheduler的计划任务服务

服务对话框中找到名称为Task Scheduler的计划任务服务，

5. 错误日志

、要确认计划运行或要找出计划不运行的原因，请查看“任务计划”服务事务日志 SystemrootSchedLgU.txt。该日志记录了由包括“计划任务”和 SchTasks.exe 在内的所有使用该服务的工具启动的尝试运行。

6. Qa schtasks在win7下提示错误:无法加载列资源

Char encode问题...

查看编码

C:UsersAdministrator>chcp

活动代码页: 936

如使用 936中文GBK编码的话

schtasks.exe /query 会报错
错误: 无法加载列资源。

chcp 65001 就是换成UTF-8代码页走ok兰...

7. 添加一个atitask1任务以后

360的列表显示如下图片

Cli显示

Folder:

TaskName Next Run Time Status

======================================== ====================== ===============

Adobe Flash Player Updater Disabled

atitask1 2016/3/10 14:51:06 Ready

ComputerZ-Tray Disabled

DandelionStarter Disabled

Google Pinyin Daemon Disabled

PowerWord-Notify-AT6T5TKUVHGT0IG_Adminis Disabled

PowerWord-Update-AT6T5TKUVHGT0IG_Adminis Disabled

QQBrowser Updater Task 2016/3/9 16:50:00 Ready

QQBrowser Updater Task(Core) N/A Ready

SogouImeMgr Disabled

WpsNotifyTask_Administrator 2016/3/9 15:00:00 Ready

WpsUpdateTask_Administrator 2016/3/9 15:00:00 Ready

8. 自己创建一个任务通过cli

schtasks /create /tn atitask0309_153509_775 /tr "'D:workspace 空格AtiPlatfscreenUtil.bat'" /sc MINUTE /mo 2

----echo:

成功: 成功创建计划任务 "atitask0309_153509_775"。

注意:: 空格的双引号转义..要多传导一个双引号,不个单个引号trans类k...

9. Schtasks 显示的输出如下

Folder:

TaskName Next Run Time Status

======================================== ====================== ===============

Adobe Flash Player Updater Disabled

ComputerZ-Tray Disabled

DandelionStarter Disabled

Google Pinyin Daemon Disabled

PowerWord-Notify-AT6T5TKUVHGT0IG_Adminis Disabled

PowerWord-Update-AT6T5TKUVHGT0IG_Adminis Disabled

QQBrowser Updater Task 2016/3/9 14:50:00 Ready

QQBrowser Updater Task(Core) N/A Ready

SogouImeMgr Disabled

WpsNotifyTask_Administrator 2016/3/9 15:00:00 Ready

WpsUpdateTask_Administrator 2016/3/9 15:00:00 Ready

Folder: Apple

TaskName Next Run Time Status

======================================== ====================== ===============

AppleSoftwareUpdate Disabled

Folder: Microsoft

TaskName Next Run Time Status

======================================== ====================== ===============

INFO: There are no scheduled tasks presently available at your access level.

Folder: MicrosoftWindows

TaskName Next Run Time Status

======================================== ====================== ===============

INFO: There are no scheduled tasks presently available at your access level.

Folder: MicrosoftWindowsActive Directory Rights Management Services Client

TaskName Next Run Time Status

======================================== ====================== ===============

AD RMS Rights Policy Template Management Disabled

AD RMS Rights Policy Template Management N/A Ready

Folder: MicrosoftWindowsAppID

TaskName Next Run Time Status

======================================== ====================== ===============

PolicyConverter Disabled

VerifiedPublisherCertStoreCheck Disabled

Folder: MicrosoftWindowsApplication Experience

TaskName Next Run Time Status

======================================== ====================== ===============

AitAgent Disabled

Folder: MicrosoftWindowsAutochk

TaskName Next Run Time Status

======================================== ====================== ===============

Proxy Disabled

Folder: MicrosoftWindowsBluetooth

TaskName Next Run Time Status

======================================== ====================== ===============

UninstallDeviceTask N/A Ready

Folder: MicrosoftWindowsCertificateServicesClient

TaskName Next Run Time Status

======================================== ====================== ===============

SystemTask N/A Ready

UserTask N/A Ready

UserTask-Roam Disabled

Folder: MicrosoftWindowsCustomer Experience Improvement Program

TaskName Next Run Time Status

======================================== ====================== ===============

Consolidator 2016/3/9 18:00:00 Could not start

KernelCeipTask 2016/3/10 3:30:00 Ready

UsbCeip 2016/3/11 1:30:00 Ready

Folder: MicrosoftWindowsDefrag

TaskName Next Run Time Status

======================================== ====================== ===============

ScheduledDefrag Disabled

Folder: MicrosoftWindowsDiagnosis

TaskName Next Run Time Status

======================================== ====================== ===============

Scheduled 2016/3/13 1:00:00 Ready

Folder: MicrosoftWindowsLocation

TaskName Next Run Time Status

======================================== ====================== ===============

Notifications Disabled

Folder: MicrosoftWindowsMaintenance

TaskName Next Run Time Status

======================================== ====================== ===============

WinSAT 2016/3/13 1:00:00 Ready

Folder: MicrosoftWindowsMemoryDiagnostic

TaskName Next Run Time Status

======================================== ====================== ===============

CorruptionDetector N/A Ready

DecompressionFailureDetector N/A Ready

Folder: MicrosoftWindowsMUI

TaskName Next Run Time Status

======================================== ====================== ===============

LPRemove N/A Ready

Folder: MicrosoftWindowsMultimedia

TaskName Next Run Time Status

======================================== ====================== ===============

SystemSoundsService N/A Running

Folder: MicrosoftWindowsNetTrace

TaskName Next Run Time Status

======================================== ====================== ===============

GatherNetworkInfo Disabled

Folder: MicrosoftWindowsPerfTrack

TaskName Next Run Time Status

======================================== ====================== ===============

BackgroundConfigSurveyor Disabled

Folder: MicrosoftWindowsPLA

TaskName Next Run Time Status

======================================== ====================== ===============

INFO: There are no scheduled tasks presently available at your access level.

Folder: MicrosoftWindowsPower Efficiency Diagnostics

TaskName Next Run Time Status

======================================== ====================== ===============

AnalyzeSystem Disabled

Folder: MicrosoftWindowsRAC

TaskName Next Run Time Status

======================================== ====================== ===============

RacTask 2016/3/9 15:05:17 Ready

Folder: MicrosoftWindowsRas

TaskName Next Run Time Status

======================================== ====================== ===============

MobilityManager N/A Ready

Folder: MicrosoftWindowsRegistry

TaskName Next Run Time Status

======================================== ====================== ===============

RegIdleBackup 2016/3/19 0:25:49 Ready

Folder: MicrosoftWindowsRemoteAssistance

TaskName Next Run Time Status

======================================== ====================== ===============

RemoteAssistanceTask Disabled

Folder: MicrosoftWindowsShell

TaskName Next Run Time Status

======================================== ====================== ===============

WindowsParentalControls Disabled

WindowsParentalControlsMigration Disabled

Folder: MicrosoftWindowsSoftwareProtectionPlatform

TaskName Next Run Time Status

======================================== ====================== ===============

SvcRestartTask Disabled

Folder: MicrosoftWindowsSystemRestore

TaskName Next Run Time Status

======================================== ====================== ===============

SR Disabled

Folder: MicrosoftWindowsTask Manager

TaskName Next Run Time Status

======================================== ====================== ===============

Interactive N/A Ready

Folder: MicrosoftWindowsTcpip

TaskName Next Run Time Status

======================================== ====================== ===============

IpAddressConflict1 N/A Ready

IpAddressConflict2 N/A Ready

Folder: MicrosoftWindowsTextServicesFramework

TaskName Next Run Time Status

======================================== ====================== ===============

MsCtfMonitor N/A Running

Folder: MicrosoftWindowsTime Synchronization

TaskName Next Run Time Status

======================================== ====================== ===============

SynchronizeTime 2016/3/13 1:00:00 Ready

Folder: MicrosoftWindowsUPnP

TaskName Next Run Time Status

======================================== ====================== ===============

UPnPHostConfig N/A Ready

Folder: MicrosoftWindowsUser Profile Service

TaskName Next Run Time Status

======================================== ====================== ===============

HiveUploadTask Disabled

Folder: MicrosoftWindowsWDI

TaskName Next Run Time Status

======================================== ====================== ===============

ResolutionHost N/A Ready

Folder: MicrosoftWindowsWindows Error Reporting

TaskName Next Run Time Status

======================================== ====================== ===============

QueueReporting N/A Ready

Folder: MicrosoftWindowsWindows Filtering Platform

TaskName Next Run Time Status

======================================== ====================== ===============

BfeOnServiceStartTypeChange Disabled

Folder: MicrosoftWindowsWindows Media Sharing

TaskName Next Run Time Status

======================================== ====================== ===============

UpdateLibrary N/A Ready

Folder: MicrosoftWindowsWindowsBackup

TaskName Next Run Time Status

======================================== ====================== ===============

ConfigNotification Disabled

Folder: MicrosoftWindowsWindowsColorSystem

TaskName Next Run Time Status

======================================== ====================== ===============

Calibration Loader Disabled

10. 引用

使用命令行创建计划任务(windows)_百度文库.htm

Atitit.木马病毒自动启动-------------win7计划任务的管理

1. 计划任务的Windows系统中取代AT 的schtasks命令

2. Win本身的系统计划任务列表

2.1. 计划任务列表管理gui版本 %windir%system32 askschd.msc /s

2.2. 计划任务列表管理cli版本

3. 360的列表接口ui

4. task Scheduler的计划任务服务

5. 错误日志

6. Qa schtasks在win7下提示错误:无法加载列资源

7. 添加一个atitask1任务以后

8. 自己创建一个任务通过cli

9. Schtasks 显示的输出如下

10. 引用