Would it be possible for a recent desktop CPU to decrypt traffic in (nearly) realtime?
If you're asking specifically about backdoored DH groups, well, if you're using a version of TLS that allows the server [1] to propose a nonstandard DH group (and the client would accept that group; sane ones wouldn't), then yes, it could propose an extremely weak group (e.g. one for which $p-1$ has no large factors), and this would make recovering the shared secret (and hence the traffic keys) easy.
Such 'weak DH groups' aren't possible if you're doing a sane version of TLS (or the client refuses to accept some rather odd options); on the other hand, if you are doing DH, you can just have the server use a guessable DH private value (e.g. one which is a function of the server hello cookies); the attacker could use that to listen in.
On the third hand, if you're in control of the server, well, why bother? The server has the traffic keys in hand; if the adversary controls that, it'd be even easier to have the server give the session keys to whoever's listening in.
[1]: I think it's the server that proposes the DH group in TLS 1.2; if not, just swap client and server in the above argument.