Yeah, I know that spyware often exploits the lsass.exe as an entry point. But the masses of Spybot entries are puzzling. Even the people on the Spybot forum had no clue. I mean, the entries are clearly marked as originating from Spybot, so I assume they are no harm. But it is strange, especially as there are only permissions for the system, the trusted installer and the admin (me).