When I came back from my holidays, I found someone used my computer (Windows NT) and besides others, installed there 'something'. There were remains of InstallShield (_delis43.ini, Zdata51.dll, _ins5176._mp) in a TEMP directory. My question is how can I find out what activities was performed on my comuputer. Will you give me a hint where I should look for them.
Regards,
Martin

You can do the following: if you have auditing enabled, check your event log. Check ownership of those files, and look for other modifications with the same owner.