The paper defines two function classes:
\begin{align*}
C_{\alpha,\beta}(x) &= \begin{cases} \beta & \mbox{ if } x=\alpha \\ 0^k & \mbox{ otherwise} \end{cases} \\
D_{\alpha,\beta}(F) &= \begin{cases} 1 & \mbox{ if } F(\alpha)=\beta \\ 0 & \mbox{ otherwsie} \end{cases}
\end{align*}
The point is that if you are given any circuit $C^*$ (even an obfuscated one) computing the same function as $C_{\alpha,\beta}$ then $D_{\alpha,\beta}(C^*)=1$.
On the other hand, if you only have black-box access to $C_{\alpha,\beta}$, and $\alpha,\beta$ are chosen uniformly, then it will be hard to come up with an input that causes $D_{\alpha,\beta}$ to output 1.
Intuitively, having access to an obfuscation of $C_{a,b}$ gives you strictly more power than having black-box access to $C_{a,b}$.
The proof does not really make sense to me though, as assuming an attacker is unable to test every single value of $\alpha$ and $\beta$ there would appear to be no way to conclude there is any difference between $C_{\alpha,\beta}$ and $Z$ (a function that outputs zero on all inputs).
The attacker doesn't distinguish obfuscations of $C_{\alpha,\beta}$ from obfuscations of $Z$ by trying every input. The attacker distinguishes by passing the obfuscation as input to $D_{\alpha,\beta}$. $D_{\alpha,\beta}$ has the "correct" $\alpha,\beta$ baked into it -- it knows where to look so it can easily distinguish $C_{\alpha,\beta}$ from $Z$.