The hard part comes when the antivirus program quarantines something that you do need for normal functioning of your system, but you're not sure if it's really infected or just a false positive. A couple of years ago I lost the use of Java (and later found an important Java file quarantined). Rather than take chances, I downloaded Java again from scratch.
I'd guess that the timestamp on a file wouldn't reliably show whether the file had been tampered with. If malware accessed the hard drive directly, bypassing the normal file system, it could probably make a timestamp say anything it wanted. One would hope that antivirus software would be on the lookout for that kind of activity.