Hmm, is 'cb' the session_id? The session ID should look more like '7b975e2584c684f199774326c77e953f', right?
However: are you sure your restored backup is from before the attack? I would recommend to:
- backup the whole joomla-installation
- remove all files
- unzip a pristine, new joomla-download in the www-folder
- remove the /installation-folder copy your old configuration.php to the www-folder (inspect it to see that it's OK)
- copy your template-folder to /templates, inspect all template files for hacks.
Now check if the session problem is still there.
Continue by manually downloading and copying files for your components and addons (virtuemart etc) into the file-structure.
regards Jonas