Since your router has 6.48, you have upgraded after it was hacked, so you have had this problem some time.
Problem is that there was som older version of RouterOS that was open for attack when winbox was open from internet.
I have posted this information several times on the forum.
-----------------------------------------------
Do you need to administrate the router from the outside?
If yes, VPN is the way to go for Router admin from the outside.
If VPN is not possible to use, then to access the route:
1. Use another port than default.
2. Use port knocking. This prevents someone from seeing open ports.
3. Use a long and good password.
4. Use access list to prevent any random internet from accessing your router.
5. Log everything. (See my signature for example.)
6. If possible, setup a remote router and make all routers (to administrate) connect to it using VPN to an admin the router.
7.++++
----------------------------
I guess its not normal to use proxy as well, so all this is part of a hack as well.
PS it does not help to just delete lines in config or use a restore. As Znevna write,
netinstall is the only way to go (or replace the router)
/ip firewall nat
add action=redirect chain=dstnat dst-port=7001 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8020 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8080 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8000 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8050 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=7003 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=7005 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=9502 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8005 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8070 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=9999 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8010 in-interface-list=WAN \
protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=80 in-interface-list=WAN protocol=\
tcp to-ports=8081
add action=masquerade chain=srcnat src-address=192.168.89.0/24
/ip proxy
set enabled=yes port=8081
/ip proxy access
add dst-address=192.168.0.0/16 dst-port=0-65535 src-address=0.0.0.0/0
add dst-address=0.0.0.0/0 dst-port=0-65535 src-address=192.168.0.0/16
add dst-address=10.0.0.0/8 dst-port=0-65535 src-address=0.0.0.0/0
add action=deny dst-address=0.0.0.0/0 dst-port=0-65535 src-address=0.0.0.0/0