32

I saw in the morning a command prompt window for just one second. After the command finished the window was closed.

I would like to see what command was run before it closed. Is it possible?

I know I can see the prompt history if I press F7, but this only works until the command prompt window is closed.

I ran my virus killer applications (Malwarebytes and Windows Defender), but I did not get any result.

I think that was a virus or undetected malware, which is why it is so important to me to know what's going on in the background. I am all the more afraid because I downloaded an application from an untrusted source. But I don't want to remove this application; I would like to explore what it does to my system.

techraf
  • 4,952

4 Answers

12

Install ConEmu and do the following:

  1. Press Win + Alt + P
  2. Go to "Features"
  3. Enable "Log console output (*)"
  4. Clear the line below "Log console output (*)" and change it to "%userprofile%\ConEmuLogs"
  5. Press the button which is at the top right. It should close or ConEmu might give you an error (ignore it unless it is about the log file)
  6. Close the tab you opened in ConEmu if it didn't close automatically.
  7. Press Win + R and enter "%userprofile%\ConEmuLogs"
  8. Press ENTER
  9. Find a file with the following format "ConEmu-YYYY-MM-DD-pNNNN.log"
  10. Open it w/ a text editor, like Notepad.
  11. This log file will contain all the commands run and their output.
  12. Please reply back to tell me if this worked for you and/or I misunderstood you. Have a nice day!
2

Clink provides persistent history between Windows command prompt sessions. Find visual demo

Clink combines the native Windows shell cmd.exe with the powerful command line editing features of the GNU Readline library, which provides rich completion, history, and line-editing capabilities. Readline is best known for its use in the Unix shell Bash, the standard shell for Mac OS X and many Linux distributions.

Here are some highlights of what Clink provides:

  • The same line editing as Bash (from the GNU Readline library version 8.1).
  • History persistence between sessions.
  • Context sensitive completion:
      • Executables (and aliases).
      • Directory commands.
      • Environment variables.
  • Context sensitive colored input text.
  • Automatic suggestions from history and completions.
  • ... and more

For details, refer to the Clink documentation.

1

Now in 2021, PowerShell has persistent command history.

TRX
  • 240
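
Added example (not part of the answer above): PowerShell's persistent history is the text file written by the PSReadLine module, and the function below searches it, joining multi-line entries that the file stores with a trailing backtick. The function name `Search-PersistentHistory` is hypothetical, and the file only holds commands typed interactively into a PowerShell console, so a window opened and closed by another program will not appear in it.

```powershell
# Added example: search the PSReadLine history file for commands matching a regex.
# Assumes the PSReadLine module is loaded (the default in an interactive console).
function Search-PersistentHistory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Pattern,
        # Location of the persistent history file for the current host.
        [string] $Path = (Get-PSReadLineOption).HistorySavePath
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "No history file at '$Path'."
        return
    }

    $entry = New-Object System.Text.StringBuilder
    $start = 0   # line number where the current entry begins
    $n     = 0   # current line number in the file

    foreach ($line in Get-Content -LiteralPath $Path) {
        $n++
        if ($entry.Length -eq 0) { $start = $n }

        # A trailing backtick means the command continues on the next line.
        if ($line.EndsWith('`')) {
            [void]$entry.AppendLine($line.Substring(0, $line.Length - 1))
            continue
        }

        [void]$entry.Append($line)
        $text = $entry.ToString()
        [void]$entry.Clear()

        # -match is case-insensitive by default.
        if ($text -match $Pattern) {
            [pscustomobject]@{ Line = $start; Command = $text }
        }
    }
}

# Usage (the pattern is a constructed sample):
# Search-PersistentHistory -Pattern 'Invoke-WebRequest' | Format-List
```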
1

I use NirSoft's tool LastActivityView. This gives a list of all the programs that have run on the system in the last few months, along with file opens, system shutdowns and the like.

This does not provide the parameters to commands - just the location of the file that was run.

AndyK
  • 328