Examining your syslog is a good start. You should get to know your Linux log files and what they each represent. As with most things Linux, choice rules the day, but syslog is a pretty common general one. Oftentimes, each system application, e.g. Apache web server, name server, etc., will have a log file associated with it. In addition, there are some standard logs, such as syslog and other ones like cron and wtmp, that are going to be pretty standard. There is also some variation amongst what is standard for a particular distribution.
the destination always seems to be 188.8.131.52. The SRC always seems to be 192.168.1.1.
Offhand, this looks like an iptables entry, most likely saying that traffic has been blocked. The 192.168 address would be the local LAN address of your machine and 224.0.01 is all-systems.mcast.net, which is part of Verisign. The whois and nslookup commands are quite valuable here.
RPM -vA not returning anything can be a good thing. If you're using a laptop / desktop system on which you did not modify any of the configuration files in /etc, this could be very normal. Here is a short example from one of my machines, where you can see that I have modified some files. The RPM verify shows what has changed compared to the package maintained version. Here is a link to a decent resource
that describes what the codes mean. Of course, it goes without saying that many of these types of commands will need to be run with root privilege.
S.5....T. c /etc/rc.d/init.d/postgrey
S.5....T. c /etc/sysctl.conf
....L.... c /etc/pam.d/fingerprint-auth
S.5....T. c /etc/freshclam.conf
missing c /var/clamav/daily.cvd
Here is my output from the ls for the crontabs, which you can see is similar to yours, except I have two users who actually have crontab entries:
drwxr-x--- 2 root root 4096 Sep 24 15:30 ./
drwxr-x--x 21 root root 4096 Mar 6 16:16 ../
-rw------- 1 root mtflyer 78 May 31 2012 myuser
-rw------- 1 root root 1441 Sep 24 15:29 root
Your other entries with RPM Verify, which utilizes the check package syntax, are indicating that these packages are not installed; however, this isn't quite what we're after. The files shadow and passwd are contained in your /etc directory, which is where almost all of the system configuration files go. The passwd file contains a list of the users on the system. Shadow is similar, but it also contains the hashed passwords, which are left out of passwd.
As an example of what to expect:
The fields are delimited by the : symbol. Looking at the first entry, root is the user name, X is a placeholder for the passwd, it is user and group 0, there is no comment, the home directory is /root, and the shell is bash. The Linux manual system is well organized and will show you information regarding this structure. To get at it, you need to understand one of the little tricks, that there are several categories to the man pages and how to get at them. In this case, if you enter the command 'man passwd' it will give you the pages for the passwd command, which is not what you are after. If you go to the bottom it should say see also passwd(5), which means that there is also a section in group 5 File Formats and Conventions (list is obtainable via 'man man'). If you then give the command man 5 passwd, you will get the help file regarding the passwd file.
It looks like you are off to a good start in the understanding and investigation of your system. One of the things I should have asked is what is the nature of the system? Is it a desktop/laptop or a server? If it is the former, and especially if you've been behind a firewall router, stayed away from nasty places, and obtained your software via the distribution repositories, your chances of having undesirable "friends" is pretty small, but it is still good to understand your system.
One recommendation I would have for you (borrowing from a post by unSpawn) would be to run the following:
( \ps axfwwwe 2>&1; lsof -Pwln 2>&1; netstat -antTupe 2>&1; lastlog 2>&1; last 2>&1; who -wa 2>&1; find /tmp /var/tmp /usr/tmp /var/spool/cron -printf "%T@ %A@ %C@ %u %g %m %y \"%p\"\n" 2>&1 ) > /tmp/output.log
This will create a big text file in "/tmp/output.log", which will show you the entire process tree, network connections, and a bunch of other relevant information from your system. It probably won't all make sense at first, but do take a look at the output, read the man pages on the commands to see what the options are doing for you, and ask questions if you don't understand something.
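For reading RPM verify output like the lines shown earlier in this post, here is an added example (not part of the original post) that parses each line into the flag meanings documented in the rpm man page and marks files whose content changed or went missing but that are not config files. The sample input reuses the lines from the post plus one constructed line for /usr/bin/example-tool; the review rule is an assumption for triage, not an rpm feature.

```python
import re

# Verify flags as documented in rpm(8); "." means the test passed.
FLAGS = {
    "S": "size differs", "M": "mode differs", "5": "digest differs",
    "D": "device number differs", "L": "symlink target differs",
    "U": "owner differs", "G": "group differs", "T": "mtime differs",
    "P": "capabilities differ",
}
ATTRS = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}

# <flags or "missing"> [attribute letter] <absolute path>
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")

def parse_line(line):
    """Return a dict describing one verify line, or None if it is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, attr, path = m.groups()
    if code == "missing":
        changes = ["file is missing"]
    else:
        changes = [FLAGS[ch] for ch in code if ch in FLAGS]
    # Assumed triage rule: edited config files are routine; changed or
    # missing content in any other packaged file deserves a closer look.
    content_changed = code == "missing" or "5" in code
    return {"path": path, "kind": ATTRS.get(attr, "file"),
            "changes": changes, "review": content_changed and attr != "c"}

def flagged(text):
    """Paths from verify output that the triage rule marks for review."""
    rows = (parse_line(l) for l in text.splitlines())
    return [r["path"] for r in rows if r and r["review"]]

# Lines from the post, plus one constructed non-config entry (last line).
SAMPLE = """\
S.5....T. c /etc/rc.d/init.d/postgrey
S.5....T. c /etc/sysctl.conf
....L.... c /etc/pam.d/fingerprint-auth
S.5....T. c /etc/freshclam.conf
missing c /var/clamav/daily.cvd
S.5....T.   /usr/bin/example-tool
"""

if __name__ == "__main__":
    for row in filter(None, map(parse_line, SAMPLE.splitlines())):
        mark = "REVIEW" if row["review"] else "ok"
        print(f'{mark:6} {row["kind"]:6} {row["path"]}: {", ".join(row["changes"])}')
```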