Although here's some more information, and maybe anyone from Jagex reading over this thread might find it useful.
-The account has a Username, instead of an email address, so getting that Username would be a hassle and a half by normal means. -I can rule out phishing scams entirely, have not clicked on any suspicious emails. -I can rule out keyloggers, per virus scan.
Well if you only did do full scan with a Anti virus , then would i also suggest you to do it with a Malware finder program (like malwarebytes) , because our anti virus programs do not find it all.
Then do you need to make sure everything are secure , meaning :
2fa on your emails Auth for your RS account(s) Bank pin for your in-game wealth.
Gz with your Unban , that means that they could see it was caused by the hijacker , but how the hijacker got your login details are not something they can tell you , since that is not something they can see.
But to give you some tips of how it could have happen :
The email for your account was insecure , if that is the case , then can they ask for your login , password and all that , since the email are the front door key to our accounts.
You got phished some how (and there are a lot of ways for that)
If you connected to Open WIFI's (Public) , then could your information been harvest by using that.Clan : Order Of Adventurers