JS:Iframe-FI[Trj] reported on my webpage

A friend reported to me that his avast Internet Security reports a trojan (JS:Iframe-FI[Trj]) when accessing my webpage www.metalviecher.de via facebook.
Then I immediately checked the HTML and Javascript of the site and was not able to find anything that should not be there.

A few days later another user reportet the same trojan. At first I thought facebook would be the bad guy here but after installing avast myself I found out that the threat is reported everytime you click on a link (facebook, google, etc) to my website. When entering the url manually nothing happens but at a random time navigating to my webpage dingdong there you go, trojan warning. Strangely enough, this only occurs in Firefox , Opera, Internet Explorer but NOT with google chrome.

At the moment I’m extremely sure that this is a false positive which is pretty annoying because as you can imagine, virus warnings result in a loss off reputation which is pretty bad if the given website is an online magazine that relies on this reputation…

I don’t know what to do since I can not find anything suspicious, all online virus scanners do not report any viruses on my webpage and even my provider told me that they can not find anything. But there is this nagging feeling that I missed something…

Help would be appreciated very much!

can you attach a screens shot of the avast warning ?

This page seems to be 2 suspicious inline scripts found.
http://www.UnmaskParasites.com/security-report/?page=www.metalviecher.de

thanks for your help pondus!

screenshot is attached.
what totally confuses me is that I absolutely can not localise the on http://www.unmaskparasites.com/security-report/?page=www.metalviecher.de
mentioned scripts.

from the avast detection it seems to be in a compressed java script (gzip) … i think ?

The unmasked parasites report may be of an earlier date and that may not longer give response from dionysos.ispgateway dot de hosting that site.
Do not get a avast flag at the moment,

This is also suspicious code there:
wXw.metalviecher.de/libraries/jquery/jquery.anythingslider.js suspicious
[suspicious:2] (ipaddr:80.67.17.206) (script) wXw.metalviecher.de/libraries/jquery/jquery.anythingslider.js
status: (referer=wXw.metalviecher.de/)saved 33374 bytes 0ee030fdfea2ee2112cfa89dbfa4e471817c98a9
info: [decodingLevel=0] found JavaScript
suspicious
General security advice: website makes use of cokkies without Platform for Privacy Preferences Project (www.w3.org/P3P/);
websites gives away through “X-Powered-By” HTTP Header"that dynamical content is being generated, remove this header;
Server transmits the server version number ( how to hide this .>: http://www.cyberciti.biz/faq/rhel-centos-hide-httpd-version/ link author = VIVEK GITE),

polonus