Ah.
Backdoor.Berbew is a Backdoor Trojan Horse that is downloaded from the Internet by Trojan.Download.Berbew. The Backdoor Trojan steals passwords and delivers them in the form of URL requests to the Web site of the Trojan's creator. Port numbers 7714 and 8546 may be opened for listening (the port numbers may vary).
That explains the html-forms and the WNetEnumCachedPasswords I found inside.
Interresting code, it'll keep me busy for a while