We are inspecting a possible virus infection; this first popped up on the Fortigate firewall, which blocked the connection:
Message meets Alert condition
Code:
Virus/Worm detected: Zeus Protocol: UNKNOWN(255) Source IP: 10.10.201.29 Destination IP: 144.76.162.245 Email Address From: "N/A" Email Address To: "N/A" http://www.fortinet.com/ve?vn=Zeus date=2015-07-28 time=11:36:20 devname=GP-Fortigate-FW-01 devid=FG100D3G14811592 logid=0211008192 type=virus subtype=infected level=warning msg="File is infected." status="blocked" service=UNKNOWN(255) srcip=10.10.201.29 dstip=144.76.162.245 srcport=51231 dstport=80 srcintf="port6" dstintf="port5" policyid=1 identidx=0 sessionid=237672923 direction=N/A quarskip="No skip" virus="Zeus" ref="http://www.fortinet.com/ve?vid=0" profile="default" srcname="NB1080" osname="Windows" analyticssubmit="false"
Several source IPs are logged already. When we check netstat on these computers, every now and then connections are made to 144.76.162.245 on TCP ports 80 and 445 by several PIDs (System, GoogleUpdater, Skype, etc.). ESET (the current client AV) doesn't find anything; we did a scan with
- Kaspersky TDSSKiller
- Malwarebytes
- Hitman Pro
All custom scans with all options enabled; nothing was found apart from a few PUM.Hijack registry settings (which seemed to be OK since we were accessing it via TeamViewer). Even more worrying is that it keeps continuing after a complete reinstall (image) of the client. Perhaps it is a virus that is already in the image, but I doubt it.
Apart from the strange connections to 144.76.162.245 we don't experience any weird behaviour on the client. Could this be a false positive?
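An added example (not code from the original post or from Fortinet) that parses the FortiGate key=value log format quoted above and groups the blocked hits by internal source host for one destination IP, so the "several source IPs" can be listed from the raw logs rather than by reading alert e-mails one at a time. The sample log lines are constructed for this example: the first is adapted from the alert in the post, the others (the second workstation 10.10.201.31 / NB1092, the TCP 445 hit and the traffic record) are assumptions, and field names follow the log in the post.

```python
"""Triage helper for FortiGate virus-log alerts (added example).

Parses the key=value log format quoted in the post and groups the
blocked hits by internal source host for one destination IP.
Sample log lines are constructed for this example: the first is adapted
from the alert in the post, the rest are assumptions.
"""
import re
from collections import defaultdict

# One key=value pair. The value is either double-quoted (may contain spaces,
# e.g. msg="File is infected.") or a run of non-space characters
# (e.g. service=UNKNOWN(255), dstport=80). The quoted branch comes first so a
# quoted value is never cut at its first space.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_log(line):
    """Return the fields of one FortiGate log line as a dict.

    Alert e-mails prefix the raw record with prose ("Virus/Worm detected: ...
    Source IP: ..."); the structured record starts at the first date= field,
    so anything before it is skipped. Surrounding quotes are removed.
    """
    start = line.find("date=")
    body = line[start:] if start >= 0 else line
    fields = {}
    for key, raw in _KV_RE.findall(body):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def summarize_hits(lines, dst_ip):
    """Group virus-log records with dstip == dst_ip by source IP.

    Returns {srcip: {"hits", "srcnames", "dstports", "signatures"}}.
    Records of other log types or to other destinations are ignored.
    """
    summary = defaultdict(lambda: {"hits": 0, "srcnames": set(),
                                   "dstports": set(), "signatures": set()})
    for line in lines:
        rec = parse_fortigate_log(line)
        if rec.get("type") != "virus" or rec.get("dstip") != dst_ip:
            continue
        if "srcip" not in rec:
            continue
        entry = summary[rec["srcip"]]
        entry["hits"] += 1
        if rec.get("srcname"):
            entry["srcnames"].add(rec["srcname"])
        if rec.get("dstport", "").isdigit():
            entry["dstports"].add(int(rec["dstport"]))
        entry["signatures"].add(rec.get("virus", "?"))
    return dict(summary)


# Constructed sample input. Line 1 is adapted from the alert quoted in the
# post; lines 2-4 are assumptions (a second hit on TCP 445, a second
# workstation, and a traffic record that must be ignored).
SAMPLE_LOGS = [
    'Virus/Worm detected: Zeus Protocol: UNKNOWN(255) Source IP: 10.10.201.29 '
    'Destination IP: 144.76.162.245 Email Address From: "N/A" '
    'date=2015-07-28 time=11:36:20 devname=GP-Fortigate-FW-01 '
    'logid=0211008192 type=virus subtype=infected level=warning '
    'msg="File is infected." status="blocked" service=UNKNOWN(255) '
    'srcip=10.10.201.29 dstip=144.76.162.245 srcport=51231 dstport=80 '
    'virus="Zeus" srcname="NB1080" osname="Windows"',
    'date=2015-07-28 time=11:41:07 devname=GP-Fortigate-FW-01 '
    'logid=0211008192 type=virus subtype=infected level=warning '
    'msg="File is infected." status="blocked" service=UNKNOWN(255) '
    'srcip=10.10.201.29 dstip=144.76.162.245 srcport=51302 dstport=445 '
    'virus="Zeus" srcname="NB1080" osname="Windows"',
    'date=2015-07-28 time=11:45:59 devname=GP-Fortigate-FW-01 '
    'logid=0211008192 type=virus subtype=infected level=warning '
    'msg="File is infected." status="blocked" service=HTTP '
    'srcip=10.10.201.31 dstip=144.76.162.245 srcport=49877 dstport=80 '
    'virus="Zeus" srcname="NB1092" osname="Windows"',
    'date=2015-07-28 time=11:46:10 devname=GP-Fortigate-FW-01 '
    'type=traffic subtype=forward level=notice srcip=10.10.201.29 '
    'dstip=144.76.162.245 dstport=80 action=accept',
]


if __name__ == "__main__":
    hits = summarize_hits(SAMPLE_LOGS, "144.76.162.245")
    for src, info in sorted(hits.items()):
        print(src, sorted(info["srcnames"]), info["hits"], "hits, ports",
              sorted(info["dstports"]), "signatures", sorted(info["signatures"]))
```

The per-host summary is the list to work from: each srcip/srcname pair is a machine to pull netstat and process data from, and the set of destination ports shows whether a host is only making the HTTP connections the firewall alerts on or also the SMB (445) ones. Feed it the raw log export from the firewall rather than the alert e-mails; the parser skips the prose prefix either way.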