Malware

First, identify the virus or mal-ware that your system is infected with.

Then, run a cleaner program that will remove that infection.
That might even be the monthly update to the Microsoft Malicious Software Removal Tool.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356

Once you are clear of any active infections, then you need to fully secure your system.

Start with an update of your anti-virus software. Make sure that both the definition file and the software itself is up to date.

Then, run a full scan of your system. All drives, all folders.

Next, make sure that you are installing all of the Microsoft security updates. If in doubt, run Microsoft Update from your start menu.

If you use a browser or email client other than Internet Explorer or Windows Mail, make sure that those programs are up to date.

Use caution with new web sites, searches and email. If in doubt, scan first and enjoy later.

Chas

You may have to change your email address (and you contacts may as well).

If you find this behavior does not stop once you are certain the computer is clean, then you may have to change addresses if the spam is annoying enough, or just wait it out.

Point I'm trying to make: Cleaning the system may not make the behavior stop in case the mail is being forged elsewhere, and not on your computer.

Your recipients can check the mail - sometimes it is obvious that the mail is not coming from your account.

What email program are you using?
Are we talking about a local address book, or on some kind of online service?

To answer your initial question: Most current antivirus programs only play catch-up: When a new version of a virus is found somewhere, then the antivirus vendor tries to collect samples, analyze the code and determine patterns that can help to recognize the virus. These virus definitions are then distributed to the users.
This process can take several days, so there may always be a time span from the moment a new virus is planted in the wild until all AV solutions recognize it. (Especially for users who update the AV only manually.)

There are also other ways to get access to address book information. One example is when facebook or LinkedIn asks for your gmail password "to search for your friends". (It think both of these try to behave well, but I'd NEVER give up my email login information to any online service)-
Oh, if someone got hold of your facebook login (or at least a session cookie), then they could harvest email addresses from all your contacts...

It could be useful to find out, from where your friends receive spam. For this, you'd need digital copies of email they recieved "from you". The interesting part is not the "payload" of the mail, but in the hidden headers, where one can find tracing time stamps. If these trail back to your computer, then you have an infection.

I suggest you to change a software for antivirus.