How can I view command prompt history after the window is closed on Windows 10?
I saw in the morning a command prompt window for just one second. After the command finished the window was closed.
I would like to see, what command was run before it closed. Is it possible?
I know, I can see prompt history, if I press F7, but this only works until the command prompt window is closed.
I ran my virus killer applications (Malwarebytes and Windows Defender), but I did not get any result.
I think that was a virus or an undetected malware, that's why so important to me what's going on in the background. More so I am afraid because I downloaded an application from a untrusted source. But I don't want to remove this application, I would like to explore what it does to my system.
64 Answers
Install ConEmu and do the following:
- Press Win + Alt + P
- Go to "Features"
- Enable "Log console output (*)"
- Clear the line below "Log console output (*)" and change it to "%userprofile%\ConEmuLogs"
- Press the
button which is at the top right. It should close or ConEmu might give you an error (ignore it unless it is about the log file)
- Close the tab you opened in ConEmu if it didn't close automatically.
- Press Win + R and enter "%userprofile%\ConEmuLogs"
- Press ENTER
- Find a file with the following format "ConEmu-YYYY-MM-DD-pNNNN.log"
- Open it w/ a text editor, like Notepad.
- This log file will contain all the commands run and their output.
- Please reply back to tell me if this worked for you and/or I misunderstood you. Have a nice day!
Running win 10 17763.1, this is the 2018 October per-release of redstone 5. Win-alt-P didn't work, so I ran the desktop shortcut as admin, then went to + in console and then went to (setup tasks) Now I highlighted features and checked log console output. I have left the default location. %UserProfile%\Desktop\ConEmuLogs....
I have run commands in CMD and Powershell as admin, then went to search and pasted in the default location and have two logs. Nether log showed the commands I have run. Appears this will not help with background commands run. Wanted to add for anyone looking at this, Malwarebytes will help with Internet browser problems such as hijackers/scripts but it is worthless for a true Virus/Trojan/worm, same as windows defender. Microsoft purchased defender from Giant, after they injected it into windows it has become very poor. Basically it will catch people who try and use programs that activate windows, it's junk. Install or run a internet software virus check using a real tool such as Avira, Bitdefender, Kaspersky, Norton. If you don't download anything or open any attachments you probably won't get a true virus, just browser problems such as a hijacker. Odiebugs.
Now in 2021, PowerShell has persistent command history.
Clink provides persistent history between windows command prompt sessions. Find visual demo
Clink combines the native Windows shell cmd.exe with the powerful command line editing features of the GNU Readline library, which provides rich completion, history, and line-editing capabilities. Readline is best known for its use in the Unix shell Bash, the standard shell for Mac OS X and many Linux distributions.
Here are some highlights of what Clink provides:
The same line editing as Bash (from the GNU Readline library version 8.1). History persistence between sessions. Context sensitive completion; Executables (and aliases). Directory commands. Environment variables. Context sensitive colored input text. Automatic suggestions from history and completions... and more
For details, refer to the Clink documentation.
1
