Thank you for your quick replies - what a great community this is.
Here is the screenshot (in French): hxxp://prog-inna-babylon.fr/wp-content/uploads/2011/12/ProgJS.jpg
I can't see any suspicious code in my WP theme, which is custom-made, and I'm not proficient enough to go looking through the Wordpress files themselves. I upgraded to the latest version of WP last week I think, from a fresh install oof 3.2. I've just changed the permissions on files and folders such as htaccess, wp-config.php, wp-content, in accordance to recommendations by BulletProof Security, a WP plugin, so maybe there was a security hole there.
I have deactivated and deleted the NextGen Gallery plugin, which was calling the ngg.slideshow.min.js file in the site's header - thanks Polonus. Avast still shows the error when I navigate to the site - does that mean there's some more evil code somewhere, or that this .js file wasn't to blame?
I can restore the site to about two weeks ago, not sure if that's the best thing to do right now...?
Thanks again for all your help, it's appreciated.