"ZeuS/ZBot" not detected by NOD32 ?

A customer of mine received complaint from his ISP that his network ( <> 5 clients, all running NOD32 AV (various versions from 4.0 to 5.) is proven to be infected by "ZeuS/ZBot" (referencing external IP and time stamp )
Could it indeed be that one of the clients got infected and has not been protected against this 'old' malware ?

 

There are many new variants every day. Variations of Zeus Trojans are often missed by NOD32 AV (other anti-virus products too)

 

The variants I often come across are usually detected by ESET only It's a matter of fact that no security solution protects against 100% of threats. If you suspect that a computer is infected, create a SysInspector log (via the Start menu) and submit it to ESET as per the instructions here.
Another thing is that the antivirus product must not be misconfigured in order to detect threats. I've run into cases when users had the Windows folder excluded from scanning and were wondering why ESET didn't detect any threat.

 

I' not yet fully through the line, but malwarebytes at least reported one infection on one client (registry manipulation PUM.Hijack.TaskManager )(as far as possible all clients are also scanned via a standalone unixbased avira / bitdefender combination, 3 error free so far)
No exclusions, all definitions up-to date, NOD32 between 4.0 and 5.0.

Update: None of the clients showed any infections over the last 8 weeks in their logs.

 

According to what you have written, it looks like there's no malicious file on the disk or it's not detected by any of the security solutions you've tried. I'd suggest submitting a SysInspector log to ESET for analysis. You can also try running ESET Rogue Application Remover (in normal mode with Internet connection).

 

We now have one client which is suspect to be the cause.
Malwarebytes scan:
Infizierte Dateien: 4
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\249f56b9-14132c71 (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\6ddeaafa-2d9b04f0 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\6ddeaafa-4c42c25f (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\6ddeaafa-7a5a75e0 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

For NOD32 already previously quarantined files see screenshot.
attached sysinspector .log actually is a .zip.file !!

Can we assume that machine now is clean? Updated to Version 6.0, no other issues found so far