Thank you very much for your reply squatter. The first email that got was that the 2FA was updated (before that there was only the email about the withdrawal of 9000 Euros which I made the same day about 8 hours earlier). And as I said I have all passwords in the safeincloud passwordsafe and had no open session with Kraken on any computer at that time. My 2FA is generated (6 digits).

If my email would have been hacked they would have changed the password at first and they would have deleted the emails - but they we're all unread in the inbox!

I'm asking the absolut same questions as you:
1. how was the 2FA changed? If that is possible then also the global setting lock is useless...
2. how we're these payments confirmed without my email beeing hacked?
3. was a password reset made (I forgot my password) ?! There is no email about that!
4. what security are emails that say a withdrawal was ordered BUT arrive after it was executed?
5. why is Kraken refusing ANY help and information?

As I'm refused any information (information about MY account nothing else - me as the robbed one!) that destroys any confidence I had into Kraken.com  

I will forward this to any coin-magazins and post this in many forums that is not how the first and one of the biggest exchanges should treat their customers!