You can use a YubiKey for a portion of a master password. This is best used by manually typing "correct" and autocompleting the latter portion with plenty of entryop of the password/phrase "battery horse staple" from the key. This way, if someone steals the key, you've still got a secret.
You'll still need a password manager to store the unique passwords for your services.
I think that advanced malware can intercept this master password and decrypt all data. I had in thought some hardware, which stores all passwords, reveals only metadata and to actually retrieve a single password, you have to physically interact with device (tap it, for example). In this case even if malware has full control over your PC, it can't retrieve all passwords, only those you've actually used.