Possible Infection - How to further investigate

I might have been hit by a sort of latest Win32/trustezeb malware during preparation of a malware sample to be sent to ESET. At the end, NOD32 has put a file out of /Appdata/local/temp into quarantine, so I believed the machine to be clean.
Now I discovered, that from time to time, NOD32 is blocking access to tmsavu.com and seneesamj.com which googling tells me to be somewhat connected to malware. At time of blocking no browser is active, so I believe a certain malware process still being active.
Autoruns and ProcessExplorer currently don't show any unknown or unsigned program/process (at least to me).
Currently MalwareBytes is running and discovered nothing so far.
Any chance that NOD32 logs would tell me, what process has startet the request to the external adress, so I could start from there to kill it ?
Where would i see logs of blocked adresses and frequency........
From other sites (Avira) I learned that
• %WINDIR%\explorer.exe
• %SYSDIR%\svchost.exe
• %SYSDIR%\ctfmon.exe
might be modified and infected.

Would a systemrecovery (going back 4 days) do a real cleaning?

Any help would be appreciated

 

I assume that running an on-demand scan (inluding memory) doesn't show any infection either. In that case, please generate a SysInspector log and email it to samples[at]eset.com with a reference to this thread. You can also check the reputation of running processes under Tools -> Running processes which might give you a clue as to which process is malicious.

 

Update:
As I needed my laptop desparately, I waited for Malwarebytes having finished its run ( no suspect files found ).
I chose to pull the system back 5 days by system recovery (this was a known date before infection), went fine, no blocked-adress-popups from NOD32 so far..........