JustusIV - did you find anything abou this issue?
I'm working with 2 Terminal Services (Win 2008) servers and one of them is scanning the ntuser.dat continuously.
I've been dealing with performance issues on these servers that I can't pin down and recently I've made some adjustments as suggested in this article:
http://www.symantec.com/business/support/index?page=content&id=TECH91070&locale=en_US
specifically diabling the SMCGUI and adding exceptions. I'm not sure if this had anything to do with the rtvscans but i ended up adding an exception to the ntuser.dat as suggested here. I've only made the changes on one of the servers to compare. I'd be curious to find out why symantec is scanning these files so much.
In addition, we had sporadic user logon lockups on the TS servers (user logs on and profile never loads, just spins) and reading other forums about this issue suggest that this may be the case (still need to investigate on my end, but the pieces are starting to fall in place).