Multiple layers are always better. If your computer or browser is compromised, then your password manager's secrets have been pwned, but with 2FA your accounts are still safe (assuming the 2FA is on a separate device, which it really should be).

There's also non-tech users to consider. It's pretty hard to convince users to use a password manager; plenty of people still re-use the same password across sites. It's impossible to prevent that. But it is possible to enforce 2FA for _your_ site.

Your first example is interesting, but it's much more limited than you describe. The attacker can't use your credentials to authenticate their own session, but they have complete control over the authenticated session on your laptop. I can't think of an account I have where that would be meaningfully less bad.

The attacker has access to all of your authenticated sessions on your compromised laptop. They don't have access to any un-authenticated accounts which have 2FA enabled.

Further, because 2FA is simpler, a session can time out in a shorter amount of time.