Yes, I understand what you are saying, that for you on that windows user account have to log on to connect, but somehow avast using the LOCALSERVICE account doesn't have to do that.
So that would appear to be a loophole in the pppoe security is any account can gain access without having to log-on, as this could also happen for malware using privilege escalation (if such a beast were to get on to your system undetected). Unfortunately I have no idea how you would go about tightening the pppoe security of your router/modem.