When you say system log which one are you referring too? If you're using Yast then I guess you're on Suse which I don't know so well.
But to help you out, Cyrus is a mail and IMAP server. Do you know if you have that installed/running?
The user 'nobody' is commonly created by services that need to provide restricted access to outsiders. It's quite common for it to be set up by FTP severs and the like.
cat /var/log/auth.log|grep nobody
as root to see what the user nobody has been upto.