2.)If the Website(html, Javascript,...) uses a vulnerability in my Browser to attack me. But in this case avast can't protect me. If avast knows about the attack vector the browser vendor has also fixed the issue. If the vendor doesn't know about it avast won't also.
I don't think this is how it works - even if we assume that you update your browser and all related 3rd party "plugins" as soon as an update is released.
While the virus definitions can target a specific code exploiting a particular vulnerability, the detections are often more "simple" - e.g. they can detect the subsequent downloading phase (either the downloader script, or just the sites known to distribute malware). While this may non be the ultimate protection against the vulnerability (say against a targeted attack), it can be quite efficient - we see ongoing campaigns on our user base and we can just block the specific sites/scripts (and since this doesn't require a full dissecting of the specific vulnerability, it can be done faster than the vendor fixes the issue - if there's a 0-day phase during which the malware already spreads).
Furthermore, you shouldn't assume that the File Shield blocks every known malware... now of course we try our best, but nothing is perfect in reality, right
So it can happen that the File Shield misses a specific sample - yet it gets (or would get) blocked by the Web Shield during download - because it's downloaded from a known malware distribution site. So the layered approach brings some value.