Oh no! They've jammed the radar! *tastes screen* With strawberry! I hate strawberry -Dark Helmet

Unless it's a signing token (where you enter the payment details to generate the secureity code) this won't necessarily help, since this sort of man-in-the-browser attack is able to modify the payment details that you submit to the Bank's server... and at the same time modify the confirm/receipt screen served back to you, so that from your perspective it looks like you performed your intended transaciton (and entered your token security code), but in fact, the payment has gone off to the attackers desired account.

In fact, in many respects, a SMS solution which sends you a token code and the details of the payment is better than a token code only soution, since this will let you (if you are not completely oblivious), confirm the payment details before authenticating with the token code.

Having said that, I think any 2-factor authentication (security token, SMS, card reader, etc) should prevent any fraudulent transactions which are attempted by this sort of malware after you logoff.