rkhunter /usr/bin/ssh && /usr/sbin/sshd [Warning]

My last rkhunter scan reported a couple of warnings that deserve to be checked. Main reason for my suspect is that I wasn't on the machine at (03-Apr-2014 01:12:12) ->AM I googled for understand what's the purpose of the 2 files I mentioned in question title, but I didn't find very helpful answers. Can anybody tell me what's the aim of those files, and maybe also why/when it would be modified by the system itself? [10:17:11] Warning: The file properties have changed: [10:17:11] File: /usr/sbin/sshd [10:17:11] Current hash: 900e153506754ceb7b19f3a01a3ad5e36d43d958 [10:17:11] Stored hash : 55a1a63a46d84eb9d0322f96bd9a61f070e90698 [10:17:11] Current inode: 149998 Stored inode: 142248 [10:17:11] Current file modification time: 1396480332 (03-Apr-2014 01:12:12) [10:17:11] Stored file modification time : 1360359087 (08-Feb-2013 22:31:27) _________________________________ [10:17:34] Warning: The file properties have changed: [10:17:34] File: /usr/bin/ssh [10:17:34] Current hash: 60366d414c711a70f9e313f5ff26213ca513b565 [10:17:34] Stored hash : 1b410fb0de841737f963e1ee011989f155f41259 [10:17:34] Current inode: 150030 Stored inode: 142203 [10:17:34] Current file modification time: 1396480332 (03-Apr-2014 01:12:12) [10:17:34] Stored file modification time : 1360359087 (08-Feb-2013 22:31:27) the apt logs files making me worry, I censored couple of info. Apparently in the 03-Apr-2014 I didn't installed nothing. Start-Date: 2014-04-01 15:49:18 Commandline: *********** Install: *********** End-Date: 2014-04-01 15:49:29 Start-Date: 2014-04-08 14:03:52 Commandline: *********** Install: *********** End-Date: 2014-04-08 14:04:04 By the way I think (hope) they are false positives [edit:not anymore]. Maybe files edited by some process of the system and normally not recorded in the .dat file of rkhunter because I didn't updated. I came here to find some confirmation or some more paranoia.