If the OP doesn't know how it happened he's at risk of it happening twice. It's process by elimination so a malware program's needed. OP didn't prove it's his ETH so it isn't easy accepting what he's saying but I'm feeling sad if he's lost $165k.
He hasn't proved
Problem is also that is not going to be easy to determine if your device is clean or infected with something malicious.