Screen logger actions of well-known apps

Today I decided to clean rules in OA Free on my computer...I removed all applications/web/key-loggers rules and OA was "empty and fresh". I restarted computer and than cleaned system by using CCleaner...and I received a "surprise". Just after runing CCleaner tried to connect to the internet...until then it was always as a trusted...despite, that is a portable version, and has disabled automatic update. Next "surprise" was after analising and during cleaning - CCleaner tried to make a screenshot. Such behaviours was very strange to me and I decided to go after those footprints...and below are results of my "investigation".
And my questions in this case:
- why programs like this try to do so strange and potentially hazardous action?
- which more apps can do this but we don't know about this?

Programs with alert about detection of screen-logger

 

Re: Screen looger actions of well-known apps

I have experienced the same thing you are mentioning. I really dont know if it means anything honestly. One of the programs I had alert me was Open Office saying it was trying to read my keystrokes. Well duh it has to if i want to type something. ha. I also have had several programs say they are preforming a screen shot. I dont know if it necessarily means they are or if its just a false positive of some sort because the program is trying to access the screen. I dont know maybe I am wrong.

 

Yeah, i've seen this happen on several occasions with legit software. Zemana was the App that alerted me Strangely PSOL never did ?

It'd be nice to know why such programs do this ?

 

Next added to the list: Ashampoo Burning Studio 10, Mediaplayer Home Cinema, Wondershare Time Freeze, MS Powerpoint (MS Word the same, but I haven't screenshot and it was detected by Mamutu) and Ubiquitous Player.
One exception - MPHC...it has the feature to make the screenshot, other hasn't (for me)

And complete list (at today) of such applications


Now...internet connections (all apps are "portable" and have disabled "check automatic update") - two apps try hidden connection by using svchost.exe.




I know...some actions could be legitimate and OA alerts are false becouse of its "hypersensitivity". But each app of mentioned above work properly after blocking suspicious action. So...what are this actions and what for if applications can be run without them?