This is probably NOT a false positive for two reasons:
1. If you could not open the "flickr.gif" file with an image viewer then it is likely not a real image file, it probably contains malicious PHP code and is named "flickr.gif" to make you think it's an image. try opening this file with a text editor.
2. if the path to this file was included in your header.php file as an include than it is definitely trying to execute the file as code instead of displaying it as an image.
If that date on those files are throwing you off you should know that hacker are able to fake the date modified of the files they alter so that it is harder to tell when it was actually hacked.
Without seeing the full contents of these files I cannot say for sure that they are malicious, but the evedence you have given is certainly very suspicious. I would not write this off as a false positive.
Let me know if I can be of further assistance in this matter. If you want to you can also email these files directly to me: eli AT gotmls DOT net
Aloha!