I would say that it's very unlikely that the crims have used his computer or anything on it.
Has he checked whether any new payments have been set up? I would say that one of the easiest ways of getting money from an account is to clone a debit card.
Can the bank give any details of where the money went? That would be the easiest way of tracking who took it.