1

Is there any possibility of malware infection in Windows 10 for the following three situations:

  1. When you download a zipped file, but do not use it (you do not open it)?

  2. When you only open a zipped file (with 7-zip), but do not extract/run its content?

  3. When you download a ".html" file, but do not open it?

Anders
johnsmiththelird
  • Those are three different questions with different answers. It would be better to separate them into three questions (perhaps the first two could be a single question) – Conor Mancone Dec 20 '19 at 12:59
  • If that .zip file has highly illegal contents, then just downloading it is indeed risky. –  Dec 24 '19 at 21:28

2 Answers

3

There are different classes of attacks.

First we have what I would call direct attacks: the attacker expects its target to run its code. Common examples are rogue versions of legitimate software which behave the same as their innocent counterparts but with additional (malware) code. If you do not execute the downloaded file, you will be safe regarding this kind of attack. It is evident for your first 2 examples, less evident for the third because if you use a browser to download an HTML file, it will execute the contained JavaScript if any.

But you can also have what I would call side channel attacks. Here the attacker has found a flaw in a legitimate application, and has crafted special data that will cause the standard application to execute the malware code. Examples could include buffer overflow exploits but are not limited to them. Such attacks are generally harder to build and have a lower chance to succeed because, for example, an attack targeted at a version of Firefox will be ineffective if a user uses Chrome. But they must nevertheless be considered because they can be hidden in pure non-executable data files like plain JPEG images.

In that case (and in theory because I know no example of these), the attacker could craft a special file to exploit a bug in a downloading application (risk is very low) or in a decompressing tool (risk slightly higher because the algorithms are more complex).

Serge Ballesta
  • For decompression tool exploits, how about WinRAR? https://www.zdnet.com/article/microsoft-winrar-exploit-gives-attackers-full-control-of-windows-pc/ – Ben Dec 20 '19 at 17:24
-1

Browsers such as Chrome have a built-in malware download scanner which helps detect malware in most files that you download.

ZIP files themselves normally add a layer of protection against any .exe file being accidentally used on your computer, as the file itself is encoded in the compression algorithm. The closest thing to a 'ZIP file virus' is a Zip Bomb, but that is only when you extract a petabyte text file from a zip file. Zip Bombs can be stopped on modern hardware and you can just delete the file that is now taking up your entire hard drive.

EXE/MSI/VBS files of any flavor will not run a virus, trojan, etc. until the user manually double clicks the file to run it. As long as you have the latest versions of Firefox, Chrome, Edge, etc. you should be fine.

However, there is only a slight possibility that, with whatever downloading software you use, such as IE6, the code can be executed on download using an exploit; see Drive By Download.

HTML may contain ads and other annoying popups using JavaScript, but modern browsers help protect you from those problems, especially malicious sites which may trick you into thinking that your computer has a 'virus' using a phishing antivirus page. One of the oldest tricks used was to use a popup that told you that you needed the latest version of Flash to view content and would download a virus called 'setup.exe', but that still required you to double click and install.

  • This doesn't really answer the question. The question is not about preventing the download, but the risks if the file *exists* on your local drive. – schroeder Jan 03 '20 at 22:46
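
The answers above turn on the difference between listing an archive and extracting it, and on zip bombs. The following is an added example, not code from either answer: it reads only a ZIP's central directory (no member is decompressed) and flags the EXE/MSI/VBS entries and extreme compression ratios mentioned above. The function names, thresholds and sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions named in the answer above; extend to suit local policy (assumption).
RISKY_EXTENSIONS = {".exe", ".msi", ".vbs"}
MAX_RATIO = 100              # assumed per-entry ratio threshold
MAX_TOTAL_BYTES = 1 << 30    # assumed limit on total declared size (1 GiB)


def triage_zip(data: bytes) -> list[str]:
    """Return findings from archive metadata only; nothing is extracted."""
    findings = []
    total_declared = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # file_size / compress_size are the sizes declared in the archive.
            total_declared += info.file_size
            ext = posixpath.splitext(info.filename)[1].lower()
            if ext in RISKY_EXTENSIONS:
                findings.append(f"executable-type:{info.filename}")
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                findings.append(f"high-ratio:{info.filename}")
    if total_declared > MAX_TOTAL_BYTES:
        findings.append("total-size-exceeds-limit")
    return findings


def build_sample() -> bytes:
    """Constructed sample archive, built in memory (no real program inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("setup.exe", b"MZ placeholder, not a real program")
        zf.writestr("padding.txt", b"\0" * 5_000_000)  # compresses ~1000:1
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

The declared sizes come from the archive itself and are not verified here, so any later extraction should still enforce its own limit on bytes written.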