If you've gone and gotten yourself a keylogger, there's very little I can do to help you. Any 2FA solution would mean you require my server to access your private keys, and I cannot subject my users to that kind of uncertainty.