Tuesday, June 3, 2008

Built-in Windows commands to determine if a system has been hacked

1) WMIC: A world of adventure awaits

C:\> wmic process
C:\> wmic process list brief
C:\> wmic process list full
C:\> wmic startup list full
C:\> wmic process list brief /every:1
Hitting CTRL+C will stop the cycle.

2) The net command: An oldie but a goodie

3) Openfiles: Deep scrutiny

C:\> openfiles /local on
C:\> openfiles /query /v
C:\> openfiles /local off

4) Netstat: Show me the network

C:\> netstat -nao
C:\> netstat -s -p icmp
C:\> netstat -na 2

5) Find: Searching output for useful stuff

C:\> wmic process list brief /every:1 | find "cmd.exe"
C:\> wmic startup list brief | find /i "hklm"

Researching output

With these five tools, a user can gather a great deal of information about the configuration and security state of a Windows machine. To use each command to identify a compromise, however, the current settings of the machine under analysis must be compared against those of a known-good, uninfected machine.
For detailed usage of the commands and how to interpret their output, read this
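The baseline comparison described above can be automated. The following PowerShell script is an added example, not code from the original post: it captures the same facts the built-in commands expose (running processes with their command lines, autostart entries, and listening TCP ports with their owning image), writes them to a baseline file on the first run, and on later runs reports every entry that appeared or disappeared since the baseline. It assumes Windows PowerShell 5.1 or newer with the NetTCPIP module (for Get-NetTCPConnection); the baseline file path is an assumption and can be changed with the -BaselinePath parameter.

```powershell
# Added example (not from the original post): snapshot processes, startup
# entries and listeners, save a baseline, and diff later runs against it.
# Assumes Windows PowerShell 5.1+ with the NetTCPIP module available.
param(
    # Assumed default location for the baseline; override as needed.
    [string]$BaselinePath = (Join-Path $env:ProgramData 'host-baseline.json'),
    [switch]$SaveBaseline
)

function Get-HostSnapshot {
    # Same data as "wmic process list brief/full": image name and command line
    $procs = Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { '{0}|{1}' -f $_.Name, $_.CommandLine }

    # Same data as "wmic startup list full": where the entry lives and what it runs
    $startup = Get-CimInstance -ClassName Win32_StartupCommand |
        ForEach-Object { '{0}|{1}|{2}' -f $_.Location, $_.Name, $_.Command }

    # Same data as "netstat -nao" restricted to listeners, with the owning PID
    # resolved to its image name so a renamed binary on a known port stands out
    $listen = Get-NetTCPConnection -State Listen |
        ForEach-Object {
            $img = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            '{0}:{1}|{2}' -f $_.LocalAddress, $_.LocalPort, $img
        }

    [pscustomobject]@{
        Taken     = (Get-Date).ToString('o')
        Processes = @($procs   | Sort-Object -Unique)
        Startup   = @($startup | Sort-Object -Unique)
        Listening = @($listen  | Sort-Object -Unique)
    }
}

function Compare-HostSnapshot {
    param($Baseline, $Current)
    foreach ($section in 'Processes', 'Startup', 'Listening') {
        # @() keeps a single JSON element (or nothing) from collapsing to a scalar
        $ref = [string[]]@($Baseline.$section)
        $cur = [string[]]@($Current.$section)
        $refSet = [System.Collections.Generic.HashSet[string]]::new($ref)
        $curSet = [System.Collections.Generic.HashSet[string]]::new($cur)

        # Entries present now but absent from the baseline deserve the first look
        foreach ($item in $cur) {
            if (-not $refSet.Contains($item)) { 'NEW     {0,-9} {1}' -f $section, $item }
        }
        # Entries that vanished can also matter (e.g. a security service stopped)
        foreach ($item in $ref) {
            if (-not $curSet.Contains($item)) { 'MISSING {0,-9} {1}' -f $section, $item }
        }
    }
}

$now = Get-HostSnapshot
if ($SaveBaseline -or -not (Test-Path -Path $BaselinePath)) {
    $now | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselinePath -Encoding UTF8
    "Baseline written to $BaselinePath ($($now.Taken))"
    return
}

$base = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
"Comparing against baseline taken $($base.Taken)"
Compare-HostSnapshot -Baseline $base -Current $now
```

Run it once with -SaveBaseline on a machine you trust (or immediately after a clean build), then rerun it on the machine under analysis. Keying processes on name plus command line, rather than name alone, is deliberate: a copy of a legitimately named binary started from an unusual path shows up as NEW instead of blending in with the expected entry. Transient differences (a shell you opened yourself, an ephemeral listener) will appear too, so treat the output as a shortlist to investigate with the commands above, not as a verdict.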
