Malware on website detected by Avast?

See: https://www.virustotal.com/nl/url/d0b71d5ddfee7a0f6ad06cf15f262a5b4c10becfb7f38ebe324248d61999e108/analysis/1449353149/
See: https://sitecheck.sucuri.net/results/zelazka.info.pl
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.001
Detected encoded JavaScript code commonly used to hide malicious behaviour, 76 instances of it.
Not detected here: http://killmalware.com/zelazka.info.pl/
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

yet-another-related-posts-plugin 4.2.5 latest release (4.2.5)
http://www.yarpp.com/
uk-cookie-consent 1.8.2 latest release (1.8.2)
http://catapultdesign.co.uk/plugin/uk-cookie-consent/
wp-slimstat 4.1.6.2 latest release (4.2.1) Update required
http://wordpress.org/plugins/wp-slimstat/
symple-shortcodes
w3-total-cache 0.9.4.1 latest release (0.9.4.1)
http://www.w3-edge.com/wordpress-plugins/w3-total-cache/
youtube-embed 3.3.3 latest release (4.1) Update required
https://wordpress.org/plugins/youtube-embed/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled

polonus