The answer to both of these questions is because the AV engine in CIS is an on-access scanner. This means that when a file is accessed, CIS scans it to make sure it’s clean. It only scans a few specific file types when they are written to disk. So the only way CIS will know if there is malware in a file on your disk is if you run a scan or simply access the file.
So when you are trying to clean the files with CCleaner, it needs to access the files to delete them. So CIS will scan every file CCleaner is accessing. The same will happen when defragging.
And no, there is no security risk to have malware sitting inert on your hard drive.