Proxies can use any port they are set to (then again, so can HTTP), but scanners like Nmap or banner-grabbing scanners can find the proxies. Not that hard. It's common to see proxies at 8080 or 8000, but nothing says they have to be there.

Only a really determined user will go about changing the banner. The bulk of your offenders don't get too fancy. And if you have some that are questionable, it's not that hard to separate them out from the easy ones: just connect to the ports they have open that don't meet standard ports (e.g., 6000-6069: XWindows; 111: RPC; 21: FTP; 119: NNTP; 110: POP3; 135-139: NetBIOS for NT/95/98; 445: 2000 AD DS; etc.) and see what response you get.
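
The check described above, as an added example that is not part of the original post: grab the first response from each open non-standard port on a host you administer and flag the ones that answer like an HTTP proxy. The function names, the header heuristics in `PROXY_HINTS` and the sample responses are assumptions made for this illustration.

```python
import socket

# Standard ports named in the post; any other open port gets a closer look.
STANDARD = {21, 110, 111, 119, 445, *range(135, 140), *range(6000, 6070)}

# Assumed heuristics: response headers that HTTP proxies commonly emit.
PROXY_HINTS = (b"\r\nvia:", b"\r\nproxy-agent:", b"\r\nproxy-authenticate:",
               b"\r\nx-cache:", b"\r\nserver: squid")

def grab_banner(host, port, timeout=3.0):
    """Return the first bytes a service sends; probe with HEAD if it stays silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(1024)            # FTP, POP3, NNTP greet first
            except socket.timeout:
                data = b""
            if not data:                       # HTTP-style services wait for a request
                s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                data = s.recv(1024)
            return data
    except OSError:                            # refused, reset or timed out
        return b""

def triage(data):
    """Label a response as 'http-proxy', 'http', 'non-http' or 'silent'."""
    if not data:
        return "silent"
    lower = data.lower()
    if not lower.startswith(b"http/"):
        return "non-http"
    status = lower.split(b"\r\n", 1)[0].split()[1:2]
    if status == [b"407"] or any(h in lower for h in PROXY_HINTS):
        return "http-proxy"
    return "http"

def suspects(banners):
    """From {port: response bytes}, list non-standard ports that answer like a proxy."""
    return sorted(p for p, d in banners.items()
                  if p not in STANDARD and triage(d) == "http-proxy")

# Constructed sample responses (not captured from any real host).
SAMPLES = {
    21: b"220 FTP server ready\r\n",
    3128: b"HTTP/1.0 400 Bad Request\r\nServer: squid\r\n\r\n",
    8000: b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
    8080: b"HTTP/1.1 407 Proxy Authentication Required\r\n"
          b"Proxy-Authenticate: Basic realm=\"x\"\r\n\r\n",
}

if __name__ == "__main__":
    print(suspects(SAMPLES))
```

To run it against a live host, build the dictionary with `{p: grab_banner(host, p) for p in open_ports}` from the port list your scanner reported.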