Check your files/folders ownerships/permissions (you appear to be using Windows because of backslash separators so it may not apply) and htaccess / apache conf directives for vulnerabilities.
Such malicious code can be placed even beyond your webroot as well.

Do you have data in your FA (is it in production use)? - if so, take professional help.
Also check if you have additional CoAs, extensions, themes and languages installed apart from item images.

Take a backup of the following files after taking sql dumps from say phpMyAdmin:

.htaccess
config.php
config_db.php
installed_extensions.php
lang/installed_languages.inc
company/0/installed_extensions.php
company/0/images/*.jpg
company/0/images/*.png
company/1/installed_extensions.php
company/1/images/*.jpg
company/1/images/*.png
....
....

Wipe out all files from your webroot and do a fresh install and then restore your sql and above files.
Change all your SFTP/SSH/FTP/FA passwords.

avg detected 3 infected file in my frontaccounting backup, they are

"";"Virus identified PHP/Agent.4, faccount\purchasing\includes\infobeB4.php";"Infected"
"";"Virus identified PHP/Agent.4, faccount\modules\import_items\cookielJy3.php";"Infected"
"";"Virus identified PHP/Agent.4, faccount\inventory\includes\infokO04.php";"Infected"

Can I just delete/overwrite them?

Than you
Eric