The authors of these programs do not offer code-signed builds. So I compiled my own version from source after verifying the source and code-signed them myself. The installer for SuRun and the archive for PuTTY are also signed with GPG.
Download them here.
// Oliver
PS: verify the executables with Sysinternals sigcheck.exe from Microsoft Technet. If you can, also verify the GPG signature (my key ID is 0E88590F).