Information Security
Baltazar77, 2017-05-01 17:10:21

The situation with the theft of money from a visa card through paypal?

Report (added on 05/16/2017):
The money was returned 15 days after contacting PayPal and the bank that issued the card. But there was a chance not to get back the stolen money and even to pay for the investigation of the bank in the amount of 64 Belarusian rubles.

Given:
1. WIN 7 laptop, connected to the Internet 18 hours a day via WI-FI
2. VISA card (with 3D security protection) for payments on the Internet (aliexpress, allegro) has never been tied to paypal, without SMS writing off funds.
3. My paypal account with the login [email protected] was created in 2012 (the login is conditional for the example)
Situation:
04/28/2017 I learn about the loss of funds from the card. I call the bank and they inform me that on April 25, 2017, a payment was made through the paypal system from a card that is not linked to paypal by me. I go to the paypal site and the login and password are automatically substituted from the cache (only my login with a small error [email protected]), I click on the login button.
So I got into a fake PayPal account with a login ([email protected]), which had the following differences from my account ([email protected]):
1. my phone number was not written in international form, but matched my number.
2. The address of residence in Latin differed by 3 letters. It's also not noticeable right away.
3. Later it turned out that my password is from my real account on paypal ([email protected] gmail.com), matches the fake account ([email protected] by ).
4. Paypal account (login gmail.by) was created in 2016.
I found that my card was linked to the fake account (gmail.by), and found the payment history: 3 attempts were made to transfer money from the card through the fake PayPal account, on 04/13/2017 and 04/17/2017 unsuccessfully (there was no money on the card), and on 04/25/2017 some service was paid for automating the reading of news on the Internet, whose office is located in the Netherlands (and their website is not readable in Russian). During the transfer of money, the laptop was turned on (children watched cartoons); no one in my environment could have done this.
5. I wrote a letter from my real mailbox [email protected] to the fake one [email protected]. I received a message that the letter was not delivered and that there will be attempts to deliver it every 45 hours.
I took screenshots in a fake Paypal account and went to the bank where:
1. Blocked the card.
2. I wrote a statement about the withdrawal of funds from my card without my knowledge and a request to return the money back.
3. I sent the screenshots to the security service of the bank (I was warned that if they prove that the bank is not guilty and that I carried out the transfer of money, then I will pay for the bank's investigation services, 64 Belarusian rubles).
4. I wrote to the PayPal security service from 2 accounts.
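
The situation described in the question above (a saved login for the same site that differs from the real one only in the mail domain, with the same password), shown as an added example that is not part of the original post: a Python check over an exported list of saved credentials. The `url,username,password` column layout and every sample row are constructed assumptions.

```python
import csv
import io
from difflib import SequenceMatcher
from itertools import combinations
from urllib.parse import urlsplit

# Constructed export; the url,username,password columns are an assumption
# and every address and password here is a placeholder.
SAMPLE_EXPORT = """url,username,password
https://www.paypal.com/signin,owner@mail.example,pw-A
https://www.paypal.com/signin,owner@mail.test,pw-A
https://bank.example/login,owner@mail.example,pw-B
https://bank.example/login,ownerr@mail.example,pw-C
https://shop.example/login,owner@mail.example,pw-D
https://shop.example/login,other.person@mail.example,pw-E
"""


def find_lookalike_logins(export_text, threshold=0.85):
    """Return (host, login_a, login_b, reason, shared_password) tuples."""
    by_host = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        host = (urlsplit(row["url"]).hostname or "").lower()
        login = row["username"].strip().lower()
        if host and login:
            by_host.setdefault(host, {})[login] = row["password"]

    findings = []
    for host, logins in sorted(by_host.items()):
        for a, b in combinations(sorted(logins), 2):
            local_a, _, dom_a = a.partition("@")
            local_b, _, dom_b = b.partition("@")
            if dom_a and dom_b and local_a == local_b and dom_a != dom_b:
                reason = "same local part, different mail domain"
            elif SequenceMatcher(None, a, b).ratio() >= threshold:
                reason = "near-identical login"
            else:
                continue
            findings.append((host, a, b, reason, logins[a] == logins[b]))
    return findings


if __name__ == "__main__":
    for host, a, b, reason, shared in find_lookalike_logins(SAMPLE_EXPORT):
        reuse = "same password" if shared else "different passwords"
        print(f"{host}: {a} / {b} ({reason}, {reuse})")
```

A pair flagged with the same password on a payment site is the pattern from the question: two accounts that autofill looks identical for, only one of which the owner created.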


9 answer(s)
Daemon23RUS, 2017-05-02
@Baltazar77

"I have not yet written a statement to the police, because the bank assured that they have competent employees in this area."
Illegal actions have been committed against you, and the first place to contact (after calling the bank to block the card) is the police. They have the right to conduct investigative actions, appoint examinations, etc. (we will not discuss competence, more on that later).
"I also wrote a lot of letters to paypal, described the situation. But so far no one has answered."
Paypal's activities in your country are governed by applicable law. So your rights as a consumer are also protected by law. Paypal provides services, and in your case, this is a PayPal service of inadequate quality. Write a claim, send a copy to the regulatory / supervisory authority (by registered mail). But you must understand that specifically in your situation, PayPal has nothing to do with it, and is not connected with you by financial obligations.
"04/25/2017 some service was paid for automating the reading of news on the Internet, the office of which is located in the Netherlands"
It will not be superfluous to contact this supplier and inform him that the funds will be withdrawn. And make sure that the service provider has received this information. (It may come in handy in the future.)
Build communication with the bank from the position that you are withdrawing this payment, for a number of reasons. The payment was initiated by third parties, the card information became available to 3 persons as a result of fraudulent actions (which is reported to the police), the bank did not complete the 3DSecure confirmation procedure, and such an operation implies that in the event of a problem with the payment (and it just arose) funds are withdrawn.
As for the "investigation" by the bank's security officers - the bank is clean, the request came from paypal and was completed by the bank. Roughly speaking, this is your problem with the zoo of viruses on your laptop. The bank is not responsible for this and does not owe you anything. You can’t get to the bottom of Paypal about money and registering the left account either, a non-existent email address - and what I created here today - works, I’ll delete it tomorrow, and the day after tomorrow you can’t write to me - the address does not exist. Therefore, the hope for a refund is only a positive decision of the bank to withdraw the operation.
PS according to the answers 1) athacker: Absolutely right said to turn off the laptop. Give it to experts when required.
2) Worth
3) One antivirus is not like another, and the installed antivirus does not provide complete protection. And given that children can use the laptop uncontrollably, put a password on key operations for the antivirus.
4) Constantly someone from my acquaintances of acquaintances gets into similar situations. What I described above is the actions that brought the greatest result.

athacker, 2017-05-01
@athacker

Most likely, it's too late to do anything about the laptop, but just in case. If you plan to give the laptop for examination (to the police, or to an organization specializing in information security), then you CANNOT do ANY actions with the laptop. No antivirus, nothing. Turn off the laptop, remove the hard drive and store it unchanged. Because if traces remain, they can be cleaned (by an intruder, or an anti-virus). The more time has passed and the more time the laptop has been on, the less likely it is to find anything on the disk. But the key rule is that the disk must be kept unchanged.
As I understand it, this is happening in Belarus. I am somewhat skeptical about the competence of the Belarusian police in the field of information security. Actually, the competence of the Russian police also leaves much to be desired... :-) Therefore, it is worth starting with the search for an information security office, and let them contact the police and pass on the data received. But this is possible only if there are personal connections in such organizations, unfortunately. Ask around among acquaintances, perhaps someone works, or has friends/acquaintances in such organizations.

CityCat4, 2017-05-01
@CityCat4

A rather confusing story...
The laptop needs to be checked by an antivirus program, and preferably more than one. Check with Dr.Web - it gives a free version for a while; check with MalwareBytes - it once found a virus that Kaspersky missed.
For payments on the Internet, it is better to use not real cards but virtual ones on which you need not keep money - for example, I use a card from Yandex.Money. When you need to pay for something: transfer the money over, pay.

f9k56, 2017-05-01
@f9k56

If the money is big, go to the police write a statement. The laptop will be taken away until the end of the examination for sure. Well, a lot of headaches for sure. In general, there are many nuances. You can't describe everything here. If you want I can advise on basic things.

entermix, 2017-05-01
@entermix

If you did not confirm the payment using a PIN code, and even without confirmation by SMS, the money should be returned to you.
How is payment by card carried out without entering a PIN code?

Baltazar77, 2017-05-02
@Baltazar77

I have not yet written a statement to the police, because the bank assured that they have competent employees in this area. I only wrote a statement to the bank that this operation was carried out without my knowledge and I ask you to return the money.
I also wrote a lot of letters to paypal, described the situation. But so far no one has answered.
So far, no one has contacted me from the bank during this time. The bank should still be interested in eliminating such a vulnerability. Yes, and paypal should also be interested in removing registration for non-existent email accounts in their system. After all, this will greatly undermine their authority.
I will write here as the events progress.
If they return the entire amount to me, then I see no point in writing a statement to the police. But at the end of all these events, I will study the topic of payment security more deeply. Thanks for the helpful information from everyone who responded.

dummyman, 2017-05-02
@dummyman

Heh. Well, what can I say. Bank employees are the last hope. If they can't call back the payment, then f..dec. paragraph. You don't have to contact the police. There is no need to do any examinations. It is quite primitive for a carder to have a double vpn - and your tenacious hands will not reach him. Any searches are useless - you will only lose time. Antivirus is not a panacea, a good automatic crypt update service - and the most standard Zeus will live without detection for at least half a year. - In short, antiviruses don't care about handy bot growers, even though they will all stand there and take turns smoking each other.
Gee. Since you have children, I recommend switching to Linux. Don't save passwords anywhere other than KeePass. Don't reuse passwords, even twice, don't try to remember them, use passwords longer than 16 characters, and where allowed, more than 20. Be sure to take Theodore's security course. Do not trust banks and the Internet - do not enter card details anywhere. Remember: if there is money on the card, you can only use it offline - purchases and an ATM. There are thousands of services that create one-time prepaid cards. I don’t understand who advised you to pay with a salary card via the Internet ... Well, that’s it. Don't pin your hopes on banks. - Switch to bitcoin!

Dimonchik, 2017-05-02
@dimonchik2013

Paypal is good because for white countries (alas, the CIS does not apply to them, but still try) it allows you to dispute the payment,
you just need to do it quickly - create a dispute from the account in which you see these transactions,
from 04/25/2017 there is still enough time
Well, after the dispute, immediately again in Paypal, don’t rely on letters
for banks - they will smile at you there, as a result, the time will only pass when you could have time to challenge in Paypal
as for the VISA itself, then yes, it is possible there up to 6 months, but there are strict criteria (like Vazha Zh was in Minsk, and the card was withdrawn from an ATM in Moscow), for which your case does not fit
if you have a card without SMS informing and at the same time use Aliexpress, you are clearly an adrenaline lover, and it is not clear why you are asking for help (except that this dose turned out to be a little expensive)))

xtala zen, 2017-05-02
@xtala

2. Is it worth contacting the police?

You can try, but most likely it will be a waste of time.
Install a live Linux distribution on a flash drive, preferably one tailored for cybersecurity (for example, Tails https://ru.wikipedia.org/wiki/TAILS ). Boot from it and carry out all financial transactions in this environment.
It may seem inconvenient, but if it is more convenient to lose money, then nothing can be done. You have to choose either safety or convenience.
Well, yes. Owls are not what they seem. (c) Now it’s not the 90s and for the most part viruses are no longer viruses, but malware (malware that the antivirus does not regard as a virus). In addition, there were precedents when employees of anti-virus laboratories went over to the dark side; the temptation is quite great. For example, the recent case of "Humpty Dumpty" and the Kaspersky Lab. Based on this, the safest option today is to use some kind of marginal (in a good way) operating system for financial transactions. Attackers know about their existence, but they will not bother writing malware for them, because the percentage of users of these environments is too low.
