代码如下：

'效率有点低，而且有限制，算是第一个版本吧，有些不好的地方还请多多指教啊
compareRegister "log1.reg","log2.reg"
'**************************************
'功能：采用wmi监听当前注册表是否有变动，如果有变动，导出变动后的注册表文件，然后比较导出前和导出后的文件的不同之处，并显示出现
'参数：filename1表示注册表监听前的文件名，filename2表示注册表修改变动后的文件名
'返回值：无
'**************************************
Function compareRegister(filename1,filename2)wbemFlagReturnImmediately = 16wbemFlagForwardOnly = 32IFlags = wbemFlagReturnImmediately + wbemFlagForwardOnlyresult=""Set wmiServices = GetObject("winmgmts:root/default") Set dtmCreateTime = CreateObject("WbemScripting.SWbemDateTime")Set ws=WScript.CreateObject ("wscript.shell")Set colRegChanges = wmiServices.ExecNotificationQuery _("SELECT * FROM RegistryTreeChangeEvent " _& "WHERE Hive='HKEY_LOCAL_MACHINE' AND RootPath=''",, IFlags)ws.Run "regedit -e "&filename1,0,True '修改前的，导出注册表文件ws.Popup "已经导出操作前注册表为REG文件....",2Do While (True)  Set TreeChange = colRegChanges.NextEventws.Run "regedit -e "&filename2,0,True '修改后的，导出注册表文件ws.Popup "已经导出了修改后注册表为REG文件。。。",2'Time_Created property is 64-bit and' must be converted into CIM_DateTime formatdtmCreateTime.SetFileTime TreeChange.Time_Created, false'Convert to VT_DATE format using GetVarDate' for printing to screenWScript.Echo "注册表变动时间 = " & dtmCreateTime.GetVarDate() _& VBNewLine _& "主键根目录 = " & TreeChange.Hive & VBNewLine _& "子目录名称 = "& TreeChange.RootPath  &vbNewLine _& "创建时间为："&treechange.time_created &vbNewLine _& "描述："&treechange.security_descriptor&vbNewLine _compareDif filename1,filename2  '比较注册表前后的两个文件的内容变化Loop
end Function'compareDif "d:\test1.txt","d:\test2.txt"
''**************************************
'功能：比较两个文件，显示文件中不同的地方，前提是：filename2的行数一定要大于filename的行数
'参数：filename1表示注册表监听前的文件名，filename2表示注册表修改变动后的文件名
'返回值：无
'**************************************
Function compareDif(filename1,filename2)On Error Resume Nextmsg=""Const ForReading = 1, ForWriting = 2, ForAppending = 8Const TristateUseDefault = -2, TristateTrue = -1, TristateFalse = 0Set fso=CreateObject("scripting.filesystemobject")Set readfile1=fso.GetFile(filename1)Set readfile2=fso.GetFile(filename2)Set ts1=readfile1.OpenAsTextStream(ForReading,TristateUseDefault)Set ts2=readfile2.OpenAsTextStream(ForReading,TristateUseDefault)If Not ts1.AtEndOfStream thenbeforereg=Split(ts1.ReadAll,vbCrLf)End IfIf Not ts2.AtEndOfStream thenafterreg=Split(ts2.ReadAll,vbCrLf)End If
'    ws.Popup "正在进行比较注册表，不要关闭请稍等。。。。",5For i=0 To UBound(afterreg)-1If afterreg(i)<>beforereg(i) Thenmsg=msg&"--------------------------------------------"&vbCrLf&"操作前注册表:"&beforereg(i-1)&vbcrlf&beforereg(i)&vbcrlf&"操作后注册表:"&afterreg(i-1)&vbcrlf&afterreg(i)&vbcrlfEnd ifnext MsgBox msgSet ts2=nothingSet ts1=NothingSet readfile2=NothingSet readfile1=NothingSet fso=Nothing
End Function

以上代码测试可用，可参考。