There are two different ways to schedule the malware scanner.
1. Using CRON (command line). The correct path for that file is wp-content/plugins/admintoolswp/app/cli/admintools-filescanner.php as Davide said.
2. Using fake CRON (access a file over the web, e.g. using wget or cURL). In this case the URL you need to access is wp-content/plugins/admintoolswp/filescanner.php as you said.
From your ticket it's evident that you are trying to use the first method (command line). Therefore you must use the path that Davide gave you. The path you are trying to use is for the web-accessible version of the malware scanner which won't run correctly using a command-line CRON.
Also note that you can not pass command line parameters in URL query format (using question mark and key=value pairs separated by ampersands). This has a completely different meaning in the command line and your server rightfully complains about it.
So, the correct CRON command line for your case is
You should also disable the front-end access to the file scanner at this point and remove the secret key. This is only required in servers which do not support real, command-line, CRON jobs. You don't need that and it's safer if you disable it.
I hope this further helps clarify what's going on.
Nicholas K. Dionysopoulos
Lead Developer and Director