Agree with @unman here, import a replacement and move on.
Before you do that, hunt 
for your implant 
, might be some $$$ 
to help fund your replacement.
AFTER, you find your implant and/or actual evidence of said alleged breach, then and only then can your paranoia be confirmed and worthwhile forward direction be found. Anything else is merely “pissing in the wind”.
Re: paranoia
“Just because you’re not paranoid, this doesn’t mean they’re not watching you.”
“Pros”? If you mean corpo world, changes every year so, ask Gartner 
. More than likely, these tools are outside of both your budget & wheelhouse.
Product != help you.
An OODA loop of: Planning → Process → Post-Incident Learning → Prevention, will.
To begin analyzing your traffic, installing OpenSnitch on the hosts you imagine to be compromised would be a good start for you as, it has a friendly GUI and, will ask you to manually create an allow rule for any packets looking to leave your node.
“Globally” (traffic from all qubes), it would be worth taking a look at/tuning/using the Suricata based sys-ips by @Sname.