Yes, Sucuri was not problem solving plugin in this case, but we found malware in wp-config file, changed all passwords and now we're keeping one’s eye on Sucuri everyday. If even one file would be changed, we'll see it by "Core integrity" function.
Hope it helps to some other people, having same issue.
Thanks.