How can I view command prompt history after the window is closed on Windows 10?

I saw in the morning a command prompt window for just one second. After the command finished the window was closed.

I would like to see, what command was run before it closed. Is it possible?

I know, I can see prompt history, if I press F7, but this only works until the command prompt window is closed.

I ran my virus killer applications (Malwarebytes and Windows Defender), but I did not get any result.

I think that was a virus or an undetected malware, that's why so important to me what's going on in the background. More so I am afraid because I downloaded an application from a untrusted source. But I don't want to remove this application, I would like to explore what it does to my system.

user3545446

Posted 2016-03-12T12:09:55.500

Reputation: 187

you might try looking into startup applications such as anything in "shell:startup" if this happened after booting the computer – Blaine – 2016-03-12T12:55:59.033

6Short answer: no, the command history is not stored anywhere. – DavidPostill – 2016-03-12T13:05:32.813

But it has to be a system log where this commands can be found right? – user3545446 – 2016-03-12T15:21:09.943

@user3545446 There is, to an extent. Open Start and then search "event viewer". Check for any suspicious events and see what they're doing. – Dog Lover – 2016-03-20T06:04:27.813

this thing is very new from me where is the cmd section? – user3545446 – 2016-03-20T10:08:36.077

1Just note that it not necessarily might be a virus. Some less elegantly written programs do that sort of thing to check something (like updates, etc) on startup, or do that to start a launcher for startup. You might be able to find what launched it by looking in:

msconfig
scheduled tasks
"Startup" folder on your start menu.

But don't panic just yet. If you're worried, do a backup of your most important data first. – Wizongod – 2016-04-13T13:30:30.553

Answers

Install ConEmu and do the following:

Press Win + Alt + P
Go to "Features"
Enable "Log console output (*)"
Clear the line below "Log console output (*)" and change it to "%userprofile%\ConEmuLogs"
Press the button which is at the top right. It should close or ConEmu might give you an error (ignore it unless it is about the log file)
Close the tab you opened in ConEmu if it didn't close automatically.
Press Win + R and enter "%userprofile%\ConEmuLogs"
Press ENTER
Find a file with the following format "ConEmu-YYYY-MM-DD-pNNNN.log"
Open it w/ a text editor, like Notepad.
This log file will contain all the commands run and their output.
Please reply back to tell me if this worked for you and/or I misunderstood you. Have a nice day!

rany

Posted 2016-03-12T12:09:55.500

Reputation: 859

1Thx I will try out tomorrow! – user3545446 – 2016-07-15T14:09:24.613

Running win 10 17763.1, this is the 2018 October per-release of redstone 5. Win-alt-P didn't work, so I ran the desktop shortcut as admin, then went to + in console and then went to (setup tasks) Now I highlighted features and checked log console output. I have left the default location. %UserProfile%\Desktop\ConEmuLogs....

I have run commands in CMD and Powershell as admin, then went to search and pasted in the default location and have two logs. Nether log showed the commands I have run. Appears this will not help with background commands run. Wanted to add for anyone looking at this, Malwarebytes will help with Internet browser problems such as hijackers/scripts but it is worthless for a true Virus/Trojan/worm, same as windows defender. Microsoft purchased defender from Giant, after they injected it into windows it has become very poor. Basically it will catch people who try and use programs that activate windows, it's junk. Install or run a internet software virus check using a real tool such as Avira, Bitdefender, Kaspersky, Norton. If you don't download anything or open any attachments you probably won't get a true virus, just browser problems such as a hijacker. Odiebugs.

pat

Posted 2016-03-12T12:09:55.500

Reputation: 1