Yes. You can read the Windows Event Logs and look for changes to system time. (System time changes are one of the system events that are automatically logged.) For example, I just tweaked my system time by a few seconds and the following appeared in the System Event log:
Information 10/21/2011 11:16:26 AM Kernel-General 1 None
The system time has changed to ?2011?-?10?-?21T16:16:26.000000000Z
from ?2011?-?10?-?21T16:16:26.000000000Z.
You can use the Win32 API to get access to the event logs then query for these events to determine if the time was indeed altered. What's great about this solution is that it's built-in and always running. No need to monitor events via a custom service etc. You just query the OS's data.
This is still not a bullet-proof solution since people with admin rights can chance settings, clear logs etc. But you would definitely layperson-proof your app. System event logs are not something regular Windows users think about.
The XML for that particular event: (de-identified for privacy & security)
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General"
Guid="{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2011-10-21T16:16:26.001000000Z" />
<EventRecordID>138478</EventRecordID>
<Correlation />
<Execution ProcessID="40044" ThreadID="50016" />
<Channel>System</Channel>
<Computer>xxxxx.xxxxxxxxx.org</Computer>
<Security UserID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
</System>
<EventData>
<Data Name="NewTime">2011-10-21T16:16:26.000000000Z</Data>
<Data Name="OldTime">2011-10-21T16:16:26.000000000Z</Data>
</EventData>
</Event>
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
