Hm, I did not download anything suspicious. The pc is a computer with a newly installed windows on it. I think the main mistake was that I did not set a password on my BTC wallet. I think the program should force you to use a password, but nevermind. Thx for the replies!
The question still stands: how did the attacker get your wallet.dat file. Unprotected or not it still has to leave your computer in order to spend your coins. The encryption is an added security feature, but files should not just leave your computer and end up somewhere else.