okay, i performed scans.
the result of Avast Quick Scan :
a .url file in favorites folder, severity high, status Threat: INI:shortcut-inf[Trj]and this is the created log of MBAM :
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.orgDatabase version: v2012.03.27.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Windows XP :: MICROSOF-12677F [administrator]
Protection: Enabled
3/27/2012 2:00:14 PM
mbam-log-2012-03-27 (14-23-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268415
Time elapsed: 22 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Windows XP.MICROSOF-12677F\My Documents\Downloads\oi_wmv2avi.exe (PUP.BundleInstaller.OI) -> No action taken.
(end)
Edited :
i disabled avast, then downloaded GoogleUpdateSetup.exe from that url, ran a scan no malware detected and also no detection when i started the file download!! ( by accident i was using a proxy )
then i turned off proxy tried to download from the url, malware detected!!!!