Merge pull request #6 from Idov31/dev

Version 1.1.1

Modules/Registry.psm1

@@ -156,7 +156,7 @@ function Clear-ComDlg32 {
         $users
     )
     New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
-    $comDlg32Path = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32"
+    $comDlg32Path = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
 
     foreach ($user in $users) {
         $sid = $(New-Object System.Security.Principal.NTAccount($user)).Translate([System.Security.Principal.SecurityIdentifier]).Value

MrKaplan.ps1

@@ -163,7 +163,7 @@ function New-Config {
             if (!(Test-Path "HKU:\$($sid)\$($comDlg32Path)")) {
                 continue
             }
-            Copy-Item "HKU:\$($sid)\$($comDlg32Path)" -Destination "$($rootKeyPath)\Users\$($user)\ComDlg32" -Force -Recurse
+            Copy-Item "HKU:\$($sid)\$($comDlg32Path)" -Destination "$($rootKeyPath)\Users\$($user)" -Force -Recurse
         }
     }
 
@@ -234,6 +234,7 @@ function Clear-Evidence {
 
     if ($result) {
         Write-Host "[+] Restored! Be careful with your actions now." -ForegroundColor Green
+        Remove-Item -Path $rootKeyPath -Recurse -Force
     }
     else {
         Write-Host "[!] Finished with partial restoration." -ForegroundColor Yellow