so... the best thing to do here - except converting to ntfs - is to rename your cmd.exe and copy an empty file (or some other harmless prog.) to cmd.exe
(it would be funny to create some small prog. that tells the hacker he's been logged... )

If a hacker attempts this hack this would at least have 'm wondering why it doesn't work ..
It's very easy to solve though..

M$ should have created a way to disable the logon.scr ...