如何识别病毒或进程

我注意到从我的PC (Catalina iMac)未经授权访问我的路由器(默认网关)。
我正在调查这个问题，因为我们有几台Mac电脑有同样的行为。
我要识别导致此未经授权访问的病毒或进程，并将其删除。

我们用杀毒软件和Avast杀毒软件扫描了电脑，但是没有检测到任何病毒…

为了调查，我在我的电脑上取了tcpdump日志。
我确认了访问路由器的数据包。
在启动PC后的几分钟内，观察到以下可疑行为:

1. 很多我不认识的DNS查询。我不记得访问过它们。

myspace.com, qq.com, baidu.com, weebly.com, mail.ru, odnoklassniki.ru, aol.com, ebay.com, alibaba.com etc.

2. 大量访问各种端口

21, 22, 23, 53, 81, 111, 135, 139, 192, 427, 443, 445, 515, 548, 554, 631, 873, 1433, 1688, 1801, 1900, 1980, 1990, 2105, 2323, 2869, 3000, 3283, 3306, 3389, 3910, 4070, 4071, 5000, 5001, 5040, 5060, 5094, 5357, 5431, 5555, 5800, 5900, 5916, 5985, 6668, 7547, 7676, 7680, 7777, 8000, 8001, 8002, 8008, 8009, 8080, 8081, 8082, 8089, 8090, 8099, 8181, 8182, 8291, 8443, 8728, 8888, 9080, 9100, 9101, 9112, 9220, 9295, 9999, 10001, 10243, 12323, 15500, 16992, 16993, 17500, 18181, 20005, 30005, 30102, 37215, 37777, 41800, 41941, 44401, 47001, 47546, 49000, 49152, 49153, 49200, 49443, 49667, 52869, 52881, 53048, 55442, 55443, 57621, 59777, 60000, 62078

3. 大量http, https访问

GET / HTTP/1.1
GET /admin HTTP/1.1
GET /AvastUniqueURL HTTP/1.1
GET /cgi-bin/a2/out.cgi HTTP/1.1
GET /cgi-bin/ajaxmail HTTP/1.1
GET /cgi-bin/arr/index.shtml HTTP/1.1
GET /cgi-bin/at3/out.cgi HTTP/1.1
GET /cgi-bin/atc/out.cgi HTTP/1.1
GET /cgi-bin/atx/out.cgi HTTP/1.1
GET /cgi-bin/auth HTTP/1.1
GET /cgi-bin/bbs/postlist.pl HTTP/1.1
GET /cgi-bin/bbs/postshow.pl HTTP/1.1
GET /cgi-bin/bp_revision.cgi HTTP/1.1
GET /cgi-bin/br5.cgi HTTP/1.1
GET /cgi-bin/click.cgi HTTP/1.1
GET /cgi-bin/clicks.cgi HTTP/1.1
GET /cgi-bin/crtr/out.cgi HTTP/1.1
GET /cgi-bin/fg.cgi HTTP/1.1
GET /cgi-bin/findweather/getForecast HTTP/1.1
GET /cgi-bin/findweather/hdfForecast HTTP/1.1
GET /cgi-bin/frame_html HTTP/1.1
GET /cgi-bin/getattach HTTP/1.1
GET /cgi-bin/hotspotlogin.cgi HTTP/1.1
GET /cgi-bin/hslogin.cgi HTTP/1.1
GET /cgi-bin/ib/301_start.pl HTTP/1.1
GET /cgi-bin/index HTTP/1.1
GET /cgi-bin/index.cgi HTTP/1.1
GET /cgi-bin/krcgi HTTP/1.1
GET /cgi-bin/krcgistart HTTP/1.1
GET /cgi-bin/link HTTP/1.1
GET /cgi-bin/login HTTP/1.1
GET /cgi-bin/login.cgi HTTP/1.1
GET /cgi-bin/logout HTTP/1.1
GET /cgi-bin/mainmenu.cgi HTTP/1.1
GET /cgi-bin/mainsrch HTTP/1.1
GET /cgi-bin/msglist HTTP/1.1
GET /cgi-bin/navega HTTP/1.1
GET /cgi-bin/openwebmail/openwebmail-main.pl HTTP/1.1
GET /cgi-bin/out.cgi HTTP/1.1
GET /cgi-bin/passremind HTTP/1.1
GET /cgi-bin/rbaccess/rbcgi3m01 HTTP/1.1
GET /cgi-bin/rbaccess/rbunxcgi HTTP/1.1
GET /cgi-bin/readmsg HTTP/1.1
GET /cgi-bin/rshop.pl HTTP/1.1
GET /cgi-bin/search.cgi HTTP/1.1
GET /cgi-bin/spcnweb HTTP/1.1
GET /cgi-bin/sse.dll HTTP/1.1
GET /cgi-bin/start HTTP/1.1
GET /cgi-bin/te/o.cgi HTTP/1.1
GET /cgi-bin/tjcgi1 HTTP/1.1
GET /cgi-bin/top/out HTTP/1.1
GET /cgi-bin/traffic/process.fcgi HTTP/1.1
GET /cgi-bin/verify.cgi HTTP/1.1
GET /cgi-bin/webproc HTTP/1.1
GET /cgi-bin/webproc?getpage=/../../etc/passwd&var:language=en_us&var:page=* HTTP/1.1
GET /cgi-bin/webproc?getpage=/etc/shadow HTTP/1.1
GET /cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard HTTP/1.1
GET /cgi-bin/webscr HTTP/1.1
GET /cgi-bin/wingame.pl HTTP/1.1
GET /das/cgi-bin/session.cgi HTTP/1.1
GET /dd.xml HTTP/1.1
GET /fcgi-bin/dispatch.fcgi HTTP/1.1
GET /fcgi-bin/performance.fcgi HTTP/1.1
GET /Frontend HTTP/1.1
GET /HNAP1/ HTTP/1.1
GET /L3F.xml HTTP/1.1
GET /login.html HTTP/1.1
GET /menu.html?images/ HTTP/1.1
GET /picsdesc.xml HTTP/1.1
GET /redir/cgi-bin/ajaxmail HTTP/1.1
GET /rom-0 HTTP/1.1
GET /rootDesc.xml HTTP/1.1
GET /ssdp/device-desc.xml HTTP/1.1
GET /upnp/dev/a266dba0-8baa-3406-a010-2db481ceabf3/desc HTTP/1.1
GET /WANCfg.xml HTTP/1.1
GET /WANIPCn.xml HTTP/1.1
GET /WANIPCn.xml HTTP/1.1 )
POST /ctl/CmnIfCfg HTTP/1.1
POST /ctl/IPConn HTTP/1.1
POST /uuid:0cd2a2e0-68c2-a366-b2f1-8d93ddce634b/WANIPConnection:1 HTTP/1.1

如果您有任何关于这种行为的病毒等的信息，将会很有帮助。
另外，如果你还需要其他信息，请回复我，以便确定它。