• TrendMicro OfficeScan Antivirus
• AVAST
• Malwarebytes' Anti-malware
• Ad-Aware
• Vipre Antivirus
• GMER
• TDSSKiller (Kaspersky Labs)
• HiJackThis
• RegRuns
• UnHackMe
• SuperAntiSpyware Portable
• Tizer Rootkit Razor (*)
• Sophos Anti-Rootkit
• SpyHunter 4
• ComboFix

As suggested in this very similar question, I have run full scans (+boot time scans) with RegRun and UnHackMe, but they also did not find anything. I have carefully examined all entries in the Event Viewer, but there's nothing wrong.

• TrendMicro OfficeScan Antivirus
• AVAST
• Malwarebytes' Anti-malware
• Ad-Aware
• Vipre Antivirus
• GMER
• TDSSKiller (Kaspersky Labs)
• HiJackThis
• RegRuns
• UnHackMe
• SuperAntiSpyware Portable
• Tizer Rootkit Razor (*)
• Sophos Anti-Rootkit
• SpyHunter 4
• ComboFix

As suggested in this very similar question, I have run full scans (+boot time scans) with RegRun and UnHackMe, but they also did not find anything. I have carefully examined all entries in the Event Viewer, but there's nothing wrong.

• TrendMicro OfficeScan Antivirus
• AVAST
• Malwarebytes' Anti-malware
• Ad-Aware
• Vipre Antivirus
• GMER
• TDSSKiller (Kaspersky Labs)
• HiJackThis
• RegRuns
• UnHackMe
• SuperAntiSpyware Portable
• Tizer Rootkit Razor (*)
• Sophos Anti-Rootkit
• SpyHunter 4

• TrendMicro OfficeScan Antivirus
• AVAST
• Malwarebytes' Anti-malware
• Ad-Aware
• Vipre Antivirus
• GMER
• TDSSKiller (Kaspersky Labs)
• HiJackThis
• RegRuns
• UnHackMe
• SuperAntiSpyware Portable
• Tizer Rootkit Razor (*)
• Sophos Anti-Rootkit
• SpyHunter 4
• ComboFix

EDIT 4: Today, I immediately started "Process Monitor" as soon as Windows was started to hopefully catch the guilty one (thanks to @harrymc for the idea). At 9:17, UAC slider was slided to the bottom (Windows 7 Action Center gave the warning). I investigated all the registry actions between 9:16 and 9:18. I saved the Process Monitor log file (70MB containing only that 2 minutes interval). There are lots of EnableLUA = 0 (and the other) entries. I'm posting the screenshots of the properties windows of the first 4 below. It says svchost.exe is doing this, and gives some thread and PID numbers. I don't know what I should infer about them:

EDIT 3: Last night, I left the laptop open because of a running SQL task. When I came in the morning, I saw that UAC was turned off. So, I suspect that the problem is not related to startup. It is happening once a day for sure no matter if the machine is rebooted.