I've never seen a guide/tutorial for l2mfix, and I think that developing such a beast would be rather difficult. I once asked our member crunchie about interpreting l2mfix logs, and his answer was basically along the lines of "you just know what's suspicious".
In other words, picking the "likely suspects" out of the log relies a lot on intuition and experience, familiarity with the attibutes of the malicious files (telltale names, sizes, creation dates, etc.), and familiarity with the mechanisms of the infection itself. The fact that the names of many of the malicious files identified by l2mfix are random (and can even "morph" at each reboot) means that there can't really be a definitive list of the "nasties" that the utility may find.