As has been said files that are password protected (by the application responsible for the file) can't possibly be scanned by avast, a) it doesn't know it and b) even if it did know it there is no means of inputting it.
SAS is doing what it should protecting the quarantines files.
VueScan regardless of not being functional is protecting its trialware status would be my guess so could be legit.
So I see nothing untoward about what can't be scanned.
Now comes the easy bit, how to reduce this number to zero, don't scan archive files as they don't present an immediate risk, even if something in them was infected. You could also consider the Sensitivity of the scan you are doing, see below.
- Thorough is also by its design very thorough (it scans all files) and perhaps a little overkill for routine use, were a Standard scan without archives should be adequate. Archive (zip, rar, etc.) files are by their nature are inert, you need to extract the files and then you have to run them to be a threat. Long before that happens avast's Standard Shield should have scanned them and before an executable is run that is scanned.
- I have only ever done a Through Scan with Archives once shortly after installation just to ensure a clean start state, but with XP for example avast will do a boot-time scan after installation if you select it, this I believe will be quicker and reasonably effective. Like everything in life things are a compromise.