What type of infection is likely if a user has unknown processes running after downloading an application?

A rootkit is the correct choice in this scenario because it is designed to hide its existence and the presence of other malicious software on a system. When a user unexpectedly finds unknown processes running after downloading an application, it suggests that the system has been compromised at a deep level, often characteristic of a rootkit infection. Rootkits can alter system behavior and evade detection by normal security tools, making them particularly difficult to identify and remove.

Keyloggers, while they capture keystrokes to steal sensitive information, don't typically manifest as unknown processes that are hidden from the user. They are more focused on data gathering rather than overall system stealth. Trojans can also cause unknown processes to appear, but they don’t necessarily operate in a hidden manner; they often disguise themselves as legitimate applications or files. Ransomware typically shows more obvious signs of infection, such as locking files or demanding payment, rather than running unnoticed as background processes.

In summary, rootkits are specifically designed to remain undetected and maintain control over the operating system, making them the most likely explanation for the user's observation in the context of unknown processes following application download.