Perhaps the ecdsa signing code and private keys could reside on a smartcard?
How would a user be able to verify a transaction before signing it?
Can a setup be made that guarantees a transaction will be sent to the right person?
I am thinking about the small "calculator"format tokens. Could a custom 'token' display amount and target adress?

So like this: upon user attempt to send BTC a potentially infected pc proposes a transaction to the smartcard. The smart card stores the transaction and is ready to be switched off. The token restarts the smart card, and the smart card analyzes the transaction and outputs BTC amount and target adress to the token LCD. (the token has a button to accept or decline). Upon acceptance, the smarcard signs the transaction and stores it. Computer now starts up the smart card and can find the signed transaction only if user agreed.

Now that I think about it, perhaps the token should have a 2 row screen, one for amount and adress, and a full keypad. Create transactions on the smart card itself through the token.

Assuming the token is not programmable, it would be hard to hack, and since the token is never connected directly to PC, they would have to hack the smart card first...