строки для грепа детектов: "infected with", "infected with modification of", "probably infected with", "is adware program", "is dialer program", "is joke program", "is riskware program", "is hacktool program", "unknown infection type"
консольник стоит запускать как минимум с параметрами: dwscancl.exe /v:r /v:t /wcl c:\
получим вид:
[5] d:\virs\Nota Fiscal Eletronica DANFE302182374.ln# infected with PowerShell.DownLoader.372
[5] d:\virs\Nota Fiscal Eletronica DANFE302182374.ln# - infected, retcode=00000001, KNOWN_VIRUS
[4] d:\virs\b2e271ab25f5de1720e2c68c97b93e89afcf533b is riskware program Program.Unwanted.1127
[4] d:\virs\b2e271ab25f5de1720e2c68c97b93e89afcf533b is riskware program Program.Unwanted.2304
[9] d:\virs\Trojan.CCleaner.zip\7e9cfa3cca5000fe56e4cf5c660f7939487e531a - password protected, retcode=00000100, NOT_INFECTED, SR_FILE_PASSWORD
[9] d:\virs\Trojan.CCleaner.zip\CCleaner.ex# - password protected, retcode=00000100, NOT_INFECTED, SR_FILE_PASSWORD
[9] d:\virs\Trojan.CCleaner.zip - archive, password protected, retcode=00001100, NOT_INFECTED, SR_FILE_PASSWORD, SR_FILE_IS_ARCHIVE
[9] d:\virs\Trojan.Poweliks.3.zip\Poweliks3.ex# - password protected, retcode=00000100, NOT_INFECTED, SR_FILE_PASSWORD
[9] d:\virs\Trojan.Poweliks.3.zip - archive, password protected, retcode=00001100, NOT_INFECTED, SR_FILE_PASSWORD, SR_FILE_IS_ARCHIVE
[9] d:\virs\vir_in_reg.zip\Gootkit.ex# - password protected, retcode=00000100, NOT_INFECTED, SR_FILE_PASSWORD
[9] d:\virs\vir_in_reg.zip\Poweliks.ex# - password protected, retcode=00000100, NOT_INFECTED, SR_FILE_PASSWORD
[9] d:\virs\vir_in_reg.zip - archive, password protected, retcode=00001100, NOT_INFECTED, SR_FILE_PASSWORD, SR_FILE_IS_ARCHIVE
[4] d:\virs\b2e271ab25f5de1720e2c68c97b93e89afcf533b - infected, retcode=00000001, KNOWN_VIRUS
это полная детализация по скану и тех. инфы. первая цифра это номер движка, по нему можно просто группировать объекты. в конце получаем расшифровку всех битов кода а не просто текст и число.