JS:ScriptIP-inf[Trj.] on my website?

Hello,
I’ve got problem with JS:ScriptIP-inf[Trj.] on my website. Avast software finds and block access to post function on my forum. Could you check it and find what causes this problem. My website adress [suspicious]hxxp://drwhoforum.pl[/suspicious] [suspicious]you can login by using username test password test[/suspicious]. My users said that JS:ScriptIP-inf[Trj.] is found in this adress [suspicious]hxxp://drwhoforum.pl/index.php?action=post;board=48.0[/suspicious]
I’m waiting for your quick reply.

check your website here. http://sucuri.net/

also upload the php file to virustotal.com and test with 40+ malware scanners
you may post the result here

These scaners says that everything is ok, but users still say that avast has blocked my website.

Sucuri does not give any clues, but zulu Zscaler has some suspicious files: http://zulu.zscaler.com/submission/show/6db33ffb31f14761dead74b8e1d5ff02-1356564513 (see external elements)
Adware is being blocked by this list: http://forums.fanboy.co.nz/forums/viewtopic.php?f=7&t=6542 for htXp://napisy24.pl/
I do not know but I can normally visit forum Doctor Who Polska.
Logowania nie powoduje żadnych problemów, so no alerts from avast…

polonus,

Polonus jeśli się nie mylę, sądząc po nicku to jesteś z Polski, więc napiszę w rodzimym języku. Problem pojawia się gdy użytkownik próbuje odpowiedzieć na jakiś wątek.

I keep it in English, because that is the language of this forum. Tried to send message on your forums and indeed: htXp://drwhoforum.pl/index.php?action=pm;sa=send is flagged by avast Webshield as the mentioned script malware.
If you feel this is a FP, report here: http://www.avast.com/contact-form.php?loadStyles
Avast is known to soon correct FPs within an upcoming update…

polonus

P.S. Benign: http://wepawet.iseclab.org/view.php?hash=dfce6c3ded4af37272a3e2cef0443751&t=1356607006&type=js

Thanks for your help.