mekno: Spybot S&D doesn't directly try to determine the date(s) the spyware first entered your system. Though in some cases portions of the logs do display dates that files were created such as BHOs or ActiveX, not all are displayed, especially the Startup entries.
Here's an example of the Acrobat Reader BHO showing dates and other info:
Code:
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/23/2005 7:12:08 PM
Date (last access): 1/31/2006 8:06:08 AM
Date (last write): 9/23/2005 7:12:08 PM
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 7.0.5.172
Note that this Startup entry for Acrobat Reader doesn't list dates though:
Code:
Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0
Spybot S&D is not designed to perform forensics or to aid in determining how or when the PC became infected. Though a few dates may be displayed, this is simply a side effect of this information being available to the programmer to display and not a specific attempt to provide forensic data.
To display the log containing this info, go to Advanced Mode > Tools > View Report > View report.