The svchost.exe was an example only as generally it should only need an outbound connection for windows updates. In some cases malware uses this to try to piggyback of its having previously been allowed a connection, but a good firewall should be able to notice the difference.

The win7 firewall doesn’t have outbound protection enabled by default, so there would be no outbound checking, but it should really get in on the dcom/lsass exploit attempts rather than avast’s network shield, why it doesn’t I don’t know why/

It doesn’t matter where the exploit attempts come from ISP IP or other external IP as basically they use a random IP number generator in the hope of finding an IP with a really out of date OS, and that really is speculative.

Avast should detect and prevent conficker, so it shouldn’t be that trying to get out as these exploit attempts are external and not internal. If it were a conficker attempt then the alert would be different.

Avast free ‘doesn’t have’ a firewall the network shield isn’t a full firewall but monitors common worm/exploit ports. Even if you used the Avast Internet Security suite, which has a firewall it is compatible with the windows firewall and doesn’t disable it.