ComboFix 15-08-13.01 - home 14/08/2015 16:26:56.1.4 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.2036.1085 [GMT 1:00]
Lancé depuis: c:\users\home\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\home\ZHPDiag3.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-07-14 au 2015-08-14 ))))))))))))))))))))))))))))))))))))
.
.
2015-08-14 15:45 . 2015-08-14 15:46 -------- d-----w- c:\users\home\AppData\Local\temp
2015-08-14 15:45 . 2015-08-14 15:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-14 15:45 . 2015-08-14 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-14 15:07 . 2015-07-21 06:25 9252608 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C56EB456-DD91-460F-9AB7-14FB336AD69F}\mpengine.dll
2015-08-14 13:44 . 2015-08-14 14:09 -------- d-----w- c:\programdata\RogueKiller
2015-08-08 21:05 . 2015-08-08 21:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAD2D490-9406-4084-9A56-DF9B369C57DF}\offreg.1932.dll
2015-08-08 14:40 . 2015-07-21 06:25 9252608 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAD2D490-9406-4084-9A56-DF9B369C57DF}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-14 14:54 . 2015-01-27 16:34 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-14 14:09 . 2015-01-29 18:02 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-08 14:21 . 2015-05-11 23:00 589512 ----a-w- c:\windows\system32\%InstallDir%speclean.exe
2015-06-18 07:41 . 2015-01-27 16:34 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41 . 2015-01-27 16:34 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2015-01-27 16:34 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-20 12:55 . 2015-05-20 13:57 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-02-19 5503768]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-12-10 143344]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-12-10 177136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-12-10 169456]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 16:50 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2014-12-03 18:06 40336 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-02-19 16:40 5503768 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfxServiceInstall]
2013-11-04 11:48 131 ----a-w- c:\windows\System32\GfxCUIServiceInstall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-05-20 22:23 3903056 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 NETwNs32;___ Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETwsn00.sys [2013-05-29 10375680]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-03-10 51824]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-03-10 193464]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-03-10 135808]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-03-10 37928]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-01-29 23840]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-06-18 94936]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2013-11-04 1349632]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2013-11-04 435200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-08-14 98520]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2014-01-07 270552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-06-18 669912]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contenu du dossier 'Tâches planifiées'
.
2015-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-29 17:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\aluhiq1j.default\
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-08-14 16:50:21
ComboFix-quarantined-files.txt 2015-08-14 15:50
.
Avant-CF: 106 362 417 152 octets libres
Après-CF: 106 188 111 872 octets libres
.
- - End Of File - - 0D86257DC37C9004BFBA06BA327ED613
A36C5E4F47E84449FF07ED3517B43A31