With all due respect to many of these other scanners, they aren't in the same league at detecting hacked/infected sites as avast's Web Shield. When their are multiple detections by the web shield, then the communityIQ feature of avast transmits this information and then the Network Shield would block the site.
The Sucuri scanner does a much more in depth and detailed scan than these other tools also.
If I bypass the network shield, then I get an alert by the Web Shield, image1. Analysing the file that the web shield shows it is an obfuscated zip, image2 extract of the content.
Why this file is loaded by the index.php (and more importantly what it does, I don't know) is strange, but since there are other areas mentioned by the sucuri scan it certainly looks like the site has been hacked. So the most likely area are the PHP templates as it is possibly the PHP content management software that has been exploited (if it is out of date).