eMule/lMule is another Kazaa-like nuisance for network administrators. Seems to use ports 4662 (TCP) and 4672 (UDP), but since ports are configurable (a recent trend on P2P software), it can pop up again very quickly.

The only decent way to block it is going for a totalitarian approach to firewalling or trying to use snort signatures (snort-sigs).