Well if your concern is about the theme and data stored in the database, I suggest you also start with a “new install” of the theme.
And as far as the DB goes, I’ve had a similar experience where I took the hacked DB and installed it on my localhost, then exported the wp_users, wp_usermeta, wp_posts, and wp_postmeta tables ONLY.
Then I did a clean install (on the hosting server) of WP with a NEW DATABASE as well, and imported the wp_users, wp_usermeta, wp_posts, and wp_postmeta tables into my clean DB. Typically when a site gets hacked and the DB is affected, it’s the wp_options table that has problems.